Researchers from the St. Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS) have proposed an approach for detecting keyloggers – programs that record the sequence of key presses on a keyboard or mouse. The results of the study can be used in network security systems to protect against intruders capable of using keyloggers, for example, to gain access to user accounts.
Keyloggers are special programs or devices designed to record keystrokes on a user’s keyboard. All keystrokes are read and written to a special file, which is then transmitted to the intruder. Keyloggers can be used for both legitimate purposes, such as monitoring employees, and malicious ones, such as stealing personal information, passwords, and financial data. The main threat posed by keyloggers is that they can silently collect sensitive information, leading to the risk of fraud, identity theft, and even financial losses. In addition, keyloggers can be part of more sophisticated malware that uses the collected data for further attacks, such as phishing or spreading viruses.
“We have developed an approach that looks for traces of keyloggers in network traffic, that is, it is aimed at the process of interaction between spyware and remote servers. Our solution is based on several artificial intelligence methods that can monitor user or organization traffic and send a signal if suspicious network activity similar to keyloggers is detected somewhere,” says Dmitry Levshun, Senior Researcher at the SPC RAS Laboratory of Computer Security Problems. During the experiments, SPC RAS researchers analyzed open data sets containing keylogger traffic, pre-processed the data, and selected and tested machine learning models of different architectures. The models were evaluated on various metrics of keyboard spyware detection efficiency, as well as on performance.
“We performed a comparative analysis and selected the most effective models that can be built into existing network security systems. They will allow users to reduce the number of threats associated with fraudsters who use keyloggers,” notes Diana Levshun, Junior Researcher at the SPC RAS Laboratory of Computer Security Problems.
The study was published in the Proceedings of the 16th International Conference on Communication Systems & Networks (COMSNETS).