Research Article

Keylogger vs Privacy: Comparison of Machine Learning Models

Year 2024, Volume: 24 Issue: 05, 1189 - 1197

Abstract

Keylogger software is spyware that records and stores the data users enter via the keyboard and sends it to the attacker. Because it can endanger personal information and confidentiality, work in this area is of great importance for ensuring privacy and security. Machine learning (ML) methods can detect anomalies by analyzing them and so identify keyloggers. The aim of this study is to determine the most commonly used ML methods for detecting keyloggers and to compare their performance. For this purpose, performance comparisons were made by calculating the accuracy rates of the LightGBM, kNN, Decision Tree and Random Forest models in keylogger detection on a data set. According to the AUC score results, the Random Forest model performs better than the other models. According to the accuracy score results, the Decision Tree and Random Forest models achieve better accuracy than the other models, while the kNN and LightGBM models perform lower. As a result, evaluations using the AUC score and the accuracy score reveal different results. While the AUC score evaluates classification performance from a broader perspective, the accuracy score focuses on the rate of correct classifications. The Random Forest model performs better than the other models in terms of both AUC score and accuracy score.

Ethical Statement

The authors declare that they comply with all ethical standards.

Keylogger and Privacy: Comparison of Machine Learning Models

Abstract

Keylogger software is spyware that logs, captures and stores the data a user enters with the keyboard and sends it to the attacker. Because it can compromise personal information and privacy, studies on this subject are of great importance for ensuring privacy and security. Machine Learning (ML) methods can analyze and detect anomalies and identify keyloggers. The aim of this study is to identify the most commonly used ML methods that can detect keyloggers and to compare the performance of these methods. To this end, performance comparisons were made by calculating the accuracy rates of the LightGBM, kNN, Decision Tree and Random Forest models in keylogger detection on a data set. According to the AUC score results, the Random Forest model exhibits better classification performance than the other models. The accuracy score results show that the Decision Tree and Random Forest models provide better accuracy than the other models, while the kNN and LightGBM models perform worse. In conclusion, evaluations made using the AUC score and the accuracy score yield different results. While the AUC score evaluates classification performance from a broader perspective, the accuracy score focuses on the rate of correct classification. The Random Forest model performs better than the other models in terms of both AUC score and accuracy score.

Ethical Statement

The authors declare that they comply with all ethical standards.

There are 22 citations in total.

Details

Primary Language Turkish
Subjects Computer System Software
Journal Section Articles
Authors

Seher Kızıltepe 0000-0001-6456-3484

Eyyüp Gülbandılar 0000-0001-5559-5281

Early Pub Date September 10, 2024
Publication Date
Submission Date March 11, 2024
Acceptance Date July 30, 2024
Published in Issue Year 2024 Volume: 24 Issue: 05

Cite

APA Kızıltepe, S., & Gülbandılar, E. (2024). Keylogger ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi, 24(05), 1189-1197.
AMA Kızıltepe S, Gülbandılar E. Keylogger ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi. September 2024;24(05):1189-1197.
Chicago Kızıltepe, Seher, and Eyyüp Gülbandılar. “Keylogger Ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması”. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi 24, no. 05 (September 2024): 1189-97.
EndNote Kızıltepe S, Gülbandılar E (September 1, 2024) Keylogger ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi 24 05 1189–1197.
IEEE S. Kızıltepe and E. Gülbandılar, “Keylogger ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması”, Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi, vol. 24, no. 05, pp. 1189–1197, 2024.
ISNAD Kızıltepe, Seher - Gülbandılar, Eyyüp. “Keylogger Ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması”. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi 24/05 (September 2024), 1189-1197.
JAMA Kızıltepe S, Gülbandılar E. Keylogger ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi. 2024;24:1189–1197.
MLA Kızıltepe, Seher and Eyyüp Gülbandılar. “Keylogger Ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması”. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi, vol. 24, no. 05, 2024, pp. 1189-97.
Vancouver Kızıltepe S, Gülbandılar E. Keylogger ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması. Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi. 2024;24(05):1189-97.