Detecting Bots Based on Keylogging Activities

Add code
Feb 05, 2010
Yousof Al-Hammadi, Uwe Aickelin
Figure 1 for Detecting Bots Based on Keylogging Activities
Figure 2 for Detecting Bots Based on Keylogging Activities
Figure 3 for Detecting Bots Based on Keylogging Activities
Figure 4 for Detecting Bots Based on Keylogging Activities

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

A bot is a piece of software that is usually installed on an infected machine without the user's knowledge. A bot is controlled remotely by the attacker under a Command and Control structure. Recent statistics show that bots represent one of the fastest growing threats to our network by performing malicious activities such as email spamming or keylogging. However, few bot detection techniques have been developed to date. In this paper, we investigate a behavioural algorithm to detect a single bot that uses keylogging activity. Our approach involves the use of function calls analysis for the detection of the bot with a keylogging component. Correlation of the frequency of a specified time-window is performed to enhance he detection scheme. We perform a range of experiments with the spybot. Our results show that there is a high correlation between some function calls executed by this bot which indicates abnormal activity in our system.

* Proceedings of the 3rd International Conference on Availability, Reliability and Security (ARES2008)  * 7 pages, 7 figures, 3rd International Conference on Availability, Reliability and Security (ARES2008)  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon