This section provides background information related to the present disclosure which is not necessarily prior art.
1. Technical Field
The invention relates to a method for detecting attacks on at least one interface of a computer system, in particular an attack on plug-and-play interfaces.
2. Discussion
A typical attack scenario today is to compromise a PC by using plug-and-play mechanisms, for example, executing a code through autoplay functions after inserting a USB memory stick. Protection against such attacks is increasingly in demand in the self-service environment. The problem, however, is that the complete plug-and-play functionality cannot be blocked as a precaution because this also restricts the required functionality of a cash dispensing machine (ATM). Solutions that, for example, do not allow the recognition and processing of external devices on the USB driver level if they are not entered on white lists (e.g. the USB filter driver discussed in PSD 5), are not unreservedly effective and do not represent a complete solution.