Detecting Software Keyloggers with Dendritic Cell Algorithm

As a kind of invisible spyware that records a user’s keystrokes, software keyloggers pose a great threat to user privacy and security. They are difficult to detect because they run in a hidden mode. In this paper, an immune-inspired dendritic cell algorithm (DCA) was used to detect the existence of keyloggers on an infected host machine. Detection is based on the correlation (including the timing relationships) between different behaviors such as keylogging, file access and network communication. The experimental results show that the technique successfully detects keyloggers without responding to normally running programs.
