Abstract

Key loggers are used on a machine to monitor the user activity by logging keystrokes and delivering them to a third party. The main goal is to prevent user-space key loggers from stealing confidential data originally intended for a legitimate foreground application. Therefore, a new detection technique has been proposed that simulates carefully crafted keystroke sequences in input and observes the behaviour of the key logger in output to identify it among all the running processes. The proposed detection technique is implemented in C#, it runs as an unprivileged application for the Windows OS. An unprivileged black box approach for accurate detection of user space key loggers has been devised by correlating the input (keystrokes) with the output (I/O patterns produced by the key logger).