Journal: International Journal of Engineering and Computer Science
Print ISSN: 2319-7242
Publication year: 2014
Volume: 3
Issue: 10
Pages: 8812-8820
Publisher: IJECS
Abstract: Software keyloggers are a fast growing class of invasive software often used to harvest confidential information. One of the main reasons for this rapid growth is the possibility for unprivileged programs running in user space to eavesdrop and record all the keystrokes typed by the users of a system. The ability to run in unprivileged mode facilitates their implementation and distribution, but, at the same time, allows one to understand and model their behavior in detail. Leveraging this characteristic, we propose a new detection technique that simulates carefully crafted keystroke sequences in input and observes the behavior of the keylogger in output to unambiguously identify it among all the running processes. We have prototyped our technique as an unprivileged application, hence matching the same ease of deployment of a keylogger executing in unprivileged mode. We have successfully evaluated the underlying technique against the most common free keyloggers. This confirms the viability of our approach in practical scenarios. We have also devised potential evasion techniques that may be adopted to circumvent our approach and proposed a heuristic to strengthen the effectiveness of our solution against more elaborated attacks. Extensive experimental results confirm that our technique is robust to both false positives and false negatives in realistic settings.