{"title":"Detecting Software Keyloggers with Dendritic Cell Algorithm","authors":"Jun Fu, Yiwen Liang, Chengyu Tan, Xiaofei Xiong","doi":"10.1109/CMC.2010.269","DOIUrl":null,"url":null,"abstract":"As a kind of invisible spyware that records user’s keystrokes, software keyloggers have posed a great threat to user privacy and security. It is difficult to detect keyloggers because they run in a hidden mode. In this paper, an immune-inspired dendritic cell algorithm (DCA) was used to detect the existence of keyloggers on an infected host machine. The basis of the detection is facilitated through the correlation (including the timing relationships) between different behaviors such as keylogging, file access and network communication. The results of the experiments show that it is a successful technique for the detection of keyloggers without responding to normally running programs.","PeriodicalId":296445,"journal":{"name":"2010 International Conference on Communications and Mobile Computing","volume":"71 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Communications and Mobile Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMC.2010.269","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 15
Abstract
As a kind of invisible spyware that records user’s keystrokes, software keyloggers have posed a great threat to user privacy and security. It is difficult to detect keyloggers because they run in a hidden mode. In this paper, an immune-inspired dendritic cell algorithm (DCA) was used to detect the existence of keyloggers on an infected host machine. The basis of the detection is facilitated through the correlation (including the timing relationships) between different behaviors such as keylogging, file access and network communication. The results of the experiments show that it is a successful technique for the detection of keyloggers without responding to normally running programs.