CFP last date
20 January 2025
Reseach Article

Keylogger Detection using Memory Forensic and Network Monitoring

by Md Bayzid Ahmed, Mohiuddin Shoikot, Jafrul Hossain, Anisur Rahman
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 177 - Number 11
Year of Publication: 2019
Authors: Md Bayzid Ahmed, Mohiuddin Shoikot, Jafrul Hossain, Anisur Rahman
10.5120/ijca2019919483

Md Bayzid Ahmed, Mohiuddin Shoikot, Jafrul Hossain, Anisur Rahman . Keylogger Detection using Memory Forensic and Network Monitoring. International Journal of Computer Applications. 177, 11 ( Oct 2019), 17-21. DOI=10.5120/ijca2019919483

@article{ 10.5120/ijca2019919483,
author = { Md Bayzid Ahmed, Mohiuddin Shoikot, Jafrul Hossain, Anisur Rahman },
title = { Keylogger Detection using Memory Forensic and Network Monitoring },
journal = { International Journal of Computer Applications },
issue_date = { Oct 2019 },
volume = { 177 },
number = { 11 },
month = { Oct },
year = { 2019 },
issn = { 0975-8887 },
pages = { 17-21 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume177/number11/30941-2019919483/ },
doi = { 10.5120/ijca2019919483 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:45:35.085738+05:30
%A Md Bayzid Ahmed
%A Mohiuddin Shoikot
%A Jafrul Hossain
%A Anisur Rahman
%T Keylogger Detection using Memory Forensic and Network Monitoring
%J International Journal of Computer Applications
%@ 0975-8887
%V 177
%N 11
%P 17-21
%D 2019
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Human society is moving towards a life that is fully govern by automated system where every important event of our life is locked and protected by a ‘String’, known as password. Password protection is in high demand and researchers shown fervent interest to accomplish the same. Besides, the process of stealing information also evolving. Keystrokes monitoring by using keylogger is an advanced way to steal passwords and valuable data. As keylogger is an unprivileged program running on user-space, it could be injected through many different ways into a computer. Usually, keylogger is untraceable by the user and also undetectable by various known anti-viruses. Many cyber security specialists have proposed different methods for detection of this malicious program which includes API based detection method and network traffic monitoring system. But, with evolving technology, attackers have developed a new level of keylogger which is no longer easily detected though those conventional methods. This new level of keyloggers is capable of communicating with the eavesdropper without sending any attached file and uses volatile memory as a buffer. In this paper, we have proposed a memory analysis based detection method. This proposed method is capable of detecting such different type of logger and also works for on traditional one. With this method any regular user can detect any suspicious activity. And also it does not need any special permission from operating system. It was tested on Linux and Windows OS with satisfactory level of success.

References
  1. Chien-Wei Hung, Fu-Hau Hsu*, Shih-Jen Chen, Chang-Kuo Tso, Yan-Ling Hwang, Po-Ching Lin, and Li-Pin Hsu, A QTE-based Solution to Keylogger Attacks, The Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2012), Rome, Italy, August 19 - 24, 2012
  2. Rao, Ahsan. (2017). Detection of unprivilliged keylogger.
  3. Creutzburg, Reiner. (2017). The strange world of keyloggers - an overview, Part I. Electronic Imaging. 2017. 139-148. 10.2352/ISSN.2470-1173.2017.6.MOBMU-313.
  4. “Unprivileged detection of user space keyliggers” by Mugdha Kolte from MITCOE International Journal of Innovation Research in Science, Engineering and Technology
  5. Stefano Ortolani, Cristiano Guiffrida, Bruna Crispo: Bait Your Hook: A Novel Detection Technique for key loggers; S. Jha, R. Sommer, and C. Kreibich (Eds.): RAID 2010, LNCS 6307, pp. 198–217, 2010. c_Springer-Verlag Berlin Heidelberg 2010
  6. Mahak Arora, Kamal Kumar Sharma, Sharad Chauhan: Cyber Crime Combatting Using Keylog Detector Tool; Mahak Arora et al. International Journal of Recent Research Aspects ISSN: 2349-7688, Vol. 3, Issue 2, June 2016, pp. 1-5
  7. R Sreeram Sreenivas, Dr R Anitha; Detecting keyloggers based on traffic analysis with periodic behavior; PSG College of Technology, Coimbatore, India
  8. Keylogger Detection and Containment by Stefani Ortolani(PHD Thesis) from Vrije Universiteit Amsterdam.
  9. Graeme Massina (2018, February 26), Computer Forensics: Memory Forensic, Retrieved from https://resources.infosecinstitute.com/category/computerforensics/introduction/areas-of-study/digital-forensics/memory-forensics/
  10. Eliézer Pereira (2017, June 1), RAM Memory Forensic Analysis, Retrieved from https://www.cybrary.it/0p3n/ram-memory-forensic-analysis/
  11. Limon, Gabriela. (2010). Forensic physical memory analysis: an overview of tools and techniques.
  12. Vidas, Timothy. (2006). The Acquisition and Analysis of Random Access Memory. J. Digital Forensic Practice. 1. 315-323. 10.1080/15567280701418171.
  13. Case, Andrew and Golden G. Richard. “Memory forensics: The path forward.” Digital Investigation 20 (2017): 23-3
Index Terms

Computer Science
Information Sciences

Keywords

Keylogger volatility user space memory forensic wireshark SMTP HTTP key strokes.