Keylogger Detection Using a Decoy Keyboard - Data and Applications Security and Privacy XXXI
Conference Papers Year : 2017

Keylogger Detection Using a Decoy Keyboard

Seth Simms
  • Function : Author
  • PersonId : 1026616
Margot Maxwell
  • Function : Author
  • PersonId : 1026617
Sara Johnson
  • Function : Author
  • PersonId : 1026618
Julian Rrushi
  • Function : Author
  • PersonId : 1026619

Abstract

Commercial anti-malware systems currently rely on signatures or patterns learned from samples of known malware, and are unable to detect zero-day malware, rendering computers unprotected. In this paper we present a novel kernel-level technique of detecting keyloggers. Our approach operates through the use of a decoy keyboard. It uses a low-level driver to emulate and expose keystrokes modeled after actual users. We developed a statistical model of the typing profiles of real users, which regulates the times of delivery of emulated keystrokes. A kernel filter driver enables the decoy keyboard to shadow the physical keyboard, such as one single keyboard appears on the device tree at all times. That keyboard is the physical keyboard when the actual user types on it, and the decoy keyboard during time windows of user inactivity. Malware are detected in a second order fashion when data leaked by the decoy keyboard are used to access resources on the compromised machine. We tested our approach against live malware samples that we obtained from public repositories, and report the findings in the paper. The decoy keyboard is able to detect 0-day malware, and can co-exist with a real keyboard on a computer in production without causing any disruptions to the user’s work.
Fichier principal
Vignette du fichier
453481_1_En_24_Chapter.pdf (293.38 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01684350 , version 1 (15-01-2018)

Licence

Identifiers

Cite

Seth Simms, Margot Maxwell, Sara Johnson, Julian Rrushi. Keylogger Detection Using a Decoy Keyboard. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.433-452, ⟨10.1007/978-3-319-61176-1_24⟩. ⟨hal-01684350⟩
236 View
506 Download

Altmetric

Share

More