Software keyloggers are a fast-growing class of malware often used to harvest confidential information. One of the main reasons for this rapid growth is the possibility for unprivileged programs running in user space to eavesdrop on and record all the keystrokes of the users of the system. This ability to run in unprivileged mode facilitates their implementation and distribution but, at the same time, allows their behavior to be understood and modeled in detail. Leveraging this property, we propose a new detection technique that simulates carefully crafted keystroke sequences (the bait) in input and observes the behavior of the keylogger in output to univocally identify it among all the running processes. We have prototyped and evaluated this technique with some of the most common free keyloggers. Experimental results are encouraging and confirm the viability of our approach in practical scenarios.
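The bait-and-observe idea in the abstract can be sketched as follows. This is an added example, not the authors' prototype: it assumes the observed output is bytes written per sampling interval, assumes Pearson correlation as the similarity measure, and uses constructed process names, sample values and threshold.

```python
from math import sqrt

def pearson(xs, ys):
    """Pearson correlation of two equal-length series.

    Returns 0.0 when either series is constant, so a process with
    flat output can never be matched to the bait.
    """
    n = len(xs)
    if n != len(ys) or n < 2:
        raise ValueError("series must have equal length >= 2")
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)

def flag_processes(bait, writes_by_process, threshold=0.9):
    """Return {process: r} for processes whose output tracks the bait."""
    flagged = {}
    for name, writes in writes_by_process.items():
        r = pearson(bait, writes)
        if r >= threshold:  # assumed cut-off, not a value from the paper
            flagged[name] = round(r, 3)
    return flagged

# Constructed bait: keystrokes injected in each sampling interval.
BAIT = [5, 40, 10, 60, 0, 35, 20, 55]

# Constructed observations: bytes written per interval by each process.
OBSERVED = {
    "editor.exe":    [4096] * 8,                       # constant autosave
    "indexer.exe":   [120, 80, 300, 90, 310, 100, 280, 110],
    "updater.exe":   [0, 0, 0, 2048, 0, 0, 0, 0],      # one unrelated burst
    "kl-sample.exe": [7, 42, 12, 62, 2, 37, 22, 57],   # bait plus fixed overhead
}

if __name__ == "__main__":
    for name, r in flag_processes(BAIT, OBSERVED).items():
        print(f"{name}: r={r}")
```

An irregular bait pattern matters here: the single burst from `updater.exe` coincides with the largest bait interval yet stays well below the threshold, because the rest of its output does not follow the injected sequence.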