摘要:Evasive software keyloggers hide their malicious behaviors to defeat run-time detection. In this paper, based on the analysis of the evasion mechanisms used by common software keyloggers, we established a framework for their detection. Using an enticement strategy, the framework we built could induce keyloggers exhibited more obvious malicious activities by mimicking user keystrokes. These ‘amplified’ activities are then correlated by the dendritic cell algorithm (an immune-inspired algorithm) to final determine the existence of a keylogger in a host. Preliminary experimental results showed that the framework could improve the performance of keylogger detection and hard to evade.
