Keylogger Detection using Machine Learning
ABSTRACT
This paper presents a novel approach to detecting keyloggers using machine
learning algorithms, specifically XGBoost. The proposed system leverages the
unique characteristics of keylogging behavior to identify potential threats. By
analyzing typing patterns, network traffic, and system behavior, the system can
accurately detect keyloggers even when they employ non-standard
communication methods. The XGBoost algorithm is used to classify system
inputs as legitimate or suspicious, allowing for real-time detection of
keylogging activity. This approach offers improved accuracy compared to
traditional signature-based detection methods and can adapt to new types of
keyloggers as they emerge.
PROBLEM DEFINITION
Keylogger detection involves identifying and preventing malicious software
(malware) that secretly records keystrokes on a computer system. This type of
malware can be particularly dangerous as it allows attackers to capture sensitive
information such as passwords, credit card numbers, and other personal data
without the user's knowledge or consent.
OBJECTIVE
The objective of this project is to develop a machine learning-based system that
can detect keylogging activities on computer systems. Keylogging involves
secretly capturing keystrokes made on a computer keyboard, which can be used
to steal sensitive information such as passwords, credit card numbers, and other
personal data.
SCOPE OF THE PROJECT
To create a system that can accurately detect software keyloggers
operating in the background of a computer system.
To address the challenges of traditional keylogger detection methods,
such as their time-consuming nature and their reliance on specific input
traffic behavior.
LITERATURE SURVEY
Title: A Novel Approach for Keylogging-Resistant Visual Authentication
Protocols
Author: Priyanka Mane
Year: 2019
Description: Keystroke logging, also referred to as keylogging or capturing the
strokes of a keyboard, is the act of recording the keys pressed on a keyboard,
usually covertly, so that the person using the keyboard is unaware that their
actions are being observed. Keylogging can also be used to study human–computer
interaction. There are a large number of keylogging methods, ranging from
hardware and software approaches to acoustic analysis. Here we have proposed
two visual authentication protocols: one is a one-time-password protocol, the
other is a password-based authentication protocol. We verify that our protocols
are more robust and can withstand many of the challenging authentication
attacks. Our main focus is to highlight the potential of our approach for
real-world deployment: whether we can reach a high level of usability with
satisfactory and acceptable results.
Title: Unprivileged Black-Box Detection of User-Space Keyloggers
Author: Stefano Ortolani
Year: 2020
Description: Software keyloggers are a fast growing class of invasive software
often used to harvest confidential information. One of the main reasons for this
rapid growth is the possibility for unprivileged programs running in user space
to eavesdrop and record all the keystrokes typed by the users of a system. The
ability to run in unprivileged mode facilitates their implementation and
distribution, but, at the same time, allows one to understand and model their
behavior in detail. Leveraging this characteristic, we propose a new detection
technique that simulates carefully crafted keystroke sequences in input and
observes the behavior of the keylogger in output to unambiguously identify it
among all the running processes. We have prototyped our technique as an
unprivileged application, hence matching the same ease of deployment of a
keylogger executing in unprivileged mode. We have successfully evaluated the
underlying technique against the most common free keyloggers. This confirms
the viability of our approach in practical scenarios. We have also devised
potential evasion techniques that may be adopted to circumvent our approach
and proposed a heuristic to strengthen the effectiveness of our solution against
more elaborate attacks. Extensive experimental results confirm that our
technique is robust to both false positives and false negatives in realistic
settings.
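The detection technique described in this entry can be illustrated with an added example (not code from this paper or from Ortolani's prototype): a keystroke pattern injected in fixed time windows is compared against the output volume of every running process in the same windows, and the process whose output tracks the input is singled out. The per-process byte counts are constructed sample data, and scoring the match with a Pearson correlation coefficient against a fixed threshold is an assumption about how "observing the behavior in output" is turned into a decision.

```python
"""Black-box keylogger detection by input/output correlation.

Added example following the Ortolani technique from the survey: inject
keystroke bursts of varying size and compare that pattern with the bytes
each process writes in the same intervals (constructed data below).
"""
from math import sqrt

# Constructed injection pattern: keystrokes sent in each of eight equal
# time windows. Varying the burst size makes the pattern distinguishable
# from ordinary background I/O.
INJECTED = [40, 5, 60, 10, 80, 0, 30, 70]

# Constructed per-process output (bytes written per window). "logger"
# mirrors the injected pattern (roughly 30 bytes per keystroke plus a
# fixed header); the other processes write independently of the input.
OBSERVED = {
    "logger": [1240, 190, 1810, 320, 2400, 40, 950, 2100],
    "browser": [5000, 4800, 5100, 4900, 5000, 5200, 4950, 5050],
    "editor": [0, 0, 300, 0, 0, 0, 0, 450],
    "idle-daemon": [0, 0, 0, 0, 0, 0, 0, 0],
}

def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)

def score_processes(injected, observed):
    """Map each process to the correlation between injected input and its output."""
    return {name: pearson(injected, out) for name, out in observed.items()}

def detect_keyloggers(injected, observed, threshold=0.9):
    """Flag processes whose output tracks the injected pattern; the threshold
    trades false positives (too low) against false negatives (too high)."""
    scores = score_processes(injected, observed)
    return sorted(name for name, r in scores.items() if r >= threshold)

if __name__ == "__main__":
    for name, r in score_processes(INJECTED, OBSERVED).items():
        print(f"{name:12s} r = {r:+.3f}")
    print("flagged:", detect_keyloggers(INJECTED, OBSERVED))
```

A process with constant output (the idle daemon) scores 0.0 rather than dividing by zero, and a process with bursty but unrelated writes (the editor) stays under the threshold, which is where the false-positive behavior of the heuristic is decided.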
Title: Keyloggers in Cybersecurity Education
Author: Christopher Alphonse Wood
Year: 2021
Description: Keylogger programs attempt to retrieve confidential information
by covertly capturing user input via keystroke monitoring and then relaying this
information to others, often for malicious purposes. Keyloggers thus pose a
major threat to business and personal activities such as Internet transactions,
online banking, email, or chat. To deal with such threats, not only must users be
made aware about this type of malware, but software practitioners and students
must also be educated in the design, implementation, and monitoring of
effective defenses against different keylogger attacks. This paper presents a case
for incorporating keylogging in cybersecurity education. First, the paper
provides an overview of keylogger programs, discusses keylogger design,
implementation, and usage, and presents effective approaches to detect and
prevent keylogging attacks. Second, the paper outlines several keylogging
projects that can be incorporated into an undergraduate computing program to
educate the next generation of cybersecurity practitioners in this important
topic.
Title: Permission-Based Malware Detection in Android Using Machine
Learning
Author: Stefano Ortolani
Year: 2020
Description: Mobile devices are increasingly vulnerable to malicious programs
or apps that threaten the privacy of users' data. Malicious apps are more
intrusive than necessary, as they require fewer overall permissions to operate.
The open-source nature of the Android platform, its acceptance of third-party
app stores, and the range of app vetting make it more susceptible to attacks. To
address this issue, a malware detection system has been developed that analyzes
an app's permission requests and categorizes it as either benign or malware. The
system uses a multi-level-based approach that involves collecting a dataset of
10,000 apps and identifying various aspects such as permission, small size, and
permission rates. The apps are then classified as malware or benign using
machine learning algorithms. The proposed technique achieved higher accuracy
in detecting malware compared to existing methods, with accuracies of 91.54%
for Support Vector Machine, 92.04% for Random Forest, and 91.11% for
Naive Bayes models. The proposed model showed a great balance between
detecting malware and benign applications. The methodology also shows
promise as a low-cost alternative to existing methods for detecting malware in
Android apps, especially those that have been repackaged.
Title: Keylogging-Resistant Visual Authentication Protocols
Author: Daehun Nyang
Year: 2019
Description: The design of secure authentication protocols is quite challenging,
considering that various kinds of rootkits reside in Personal Computers (PCs) to
observe the user's behavior and to make PCs untrusted devices. Involving humans in
authentication protocols, while promising, is not easy because of their limited
capability of computation and memorization. Therefore, relying on users to
enhance security necessarily degrades the usability. On the other hand, relaxing
assumptions and rigorous security design to improve the user experience can
lead to security breaches that can harm the users’ trust. In this paper, we
demonstrate how careful visualization design can enhance not only the security
but also the usability of authentication. To that end, we propose two visual
authentication protocols: one is a one-time-password protocol, and the other is a
password-based authentication protocol. Through rigorous analysis, we verify
that our protocols are immune to many of the challenging authentication attacks
applicable in the literature. Furthermore, using an extensive case study on a
prototype of our protocols, we highlight the potential of our approach for
real-world deployment: we were able to achieve a high level of usability while
satisfying stringent security requirements.
Architecture Diagram