A new software is in development that immediately blocks unauthorised commands during money transfers.
Researchers at Georgia Tech have created a prototype software named Gyrus, that takes extra steps to prevent malware from sending spam emails and instant messages.
"Gyrus is a transparent layer on top of the window of an application. If Gyrus detects that user-intended data has tampered with, it will block the traffic and also notify the user," explained Wenke Lee, director of the Georgia Tech Information Security Centre (GTISC).
Current protection programmes might recognise the original user's intent to send email, transfer money or engage in other transactions but cannot verify the specifics such as email contents or amount of money.
Without context, it is impossible to properly verify the user's full intent, regardless of whether the software is protecting a financial transfer, an industrial control system or a wide range of other user-driven applications.
The Georgia Tech research is based on the observation that for most text-based applications, the user's intent would be displayed entirely on screen, as text, and the user would make modifications if what is on screen is not what he or she wants.
In the researchers' words, Gyrus implements a 'What You See Is What You Send' (WYSIWYS) policy.
"The idea of defining correct behaviour of an application by capturing user intent is not entirely new, but previous attempts in this space use an overly simplistic model of the user's behaviour," said Yeongjin Jang, PhD student at Georgia Tech.
Gyrus captures richer semantics including both user actions and text contents, along with applications semantics, to make the system send only user-intended network traffic.
Gyrus indirectly but correctly determines user intent from the screen that is displayed to the user, said the study presented during the 2014 Network and Distributed System Security Symposium (NDSS) in California recently.