Enhancing USB security: a multi-layered framework for detecting vulnerabilities and mitigating BadUSB attacks

Abstract

Universal Serial Bus (USB) devices are an inseparable part of modern computing and they are also a considerable cybersecurity threat. Malicious hardware like BadUSBs, Keyloggers and other peripherals that have been reprogrammed can pose as legitimate devices, execute commands that are not authorized and steal confidential data without the user’s knowledge. This study introduces a detailed software-based system that attempts to identify and prevent malicious USB actions by employing a multi-layered security system. The proposed system incorporates USB metadata validation system, behavioral tracking, anomaly detection and user-verification to offer high protection without affecting usability. The framework is deployed by the device connection and it temporarily isolates the device as it tries to verify the authenticity of the device by analysing power consumption, keystroke timing, CAPTCHA and mouse hover-based user authentication. In its simplest form, a machine-learning model trained on real and GAN-enhanced data would allow the process of adaptive threat detection that can detect changing attack patterns with high accuracy. Experimental tests prove that the system attains high detection effectiveness and a very low false-positive level, which effectively eliminates the risks of malicious USB devices. This product fills a severe gap in endpoint protection by providing a practical, smart and user-friendly solution to protect personal and enterprise space against the emerging threat of USB-based attacks.

Description

Cataloged from PDF version of thesis.
Includes bibliographical references (pages 102-104).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2025.

Keywords

USB devices, BadUSB attack, Anomaly detection, Device fingerprinting, Adaptive learning, Forensic analysis, USB metadata validation system, Behavioral tracking, User verification, Cyber threats, Data protection

Citation

Endorsement

Review

Supplemented By

Referenced By