A novel behavioural screenlogger detection system

Conference item

Among the various types of spyware, screenloggers are distinguished by their ability to capture screenshots. This gives them considerable nuisance capacity, giving rise to theft of sensitive data or, failing that, to serious invasions of the privacy of users. Several examples of attacks relying on this screen capture feature have been documented in recent years. Moreover, on desktop environments, taking screenshots is a legitimate functionality used by many benign applications, which makes screenlogging activities particularly stealthy. However, existing malware detection approaches are not adapted to screenlogger detection due to the composition of their datasets and the way samples are executed. In this paper, we propose the first dynamic detection approach based on a dataset of screenloggers and legitimate screenshot-taking applications (built in a previous work), with a particular care given to the screenshot functionality during samples execution. We also propose a tailored detection approach based on novel features specific to screenloggers. This last approach yields better results than an approach using traditional API call and network features trained on the same dataset (minimum increase of 3.108% in accuracy).

Authors: Sbai, H; Happa, J; Goldsmith, M

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Springer
• Pages: 279-295
• Series: Lecture Notes in Computer Science
• Series number: 13118
• Publication date: 2021-11-27
• Acceptance date: 2021-09-03
• Event title: 24th Information Security Conference (ISC)
• Event location: Bali , Indonesia
• Event start date: 2021-11-09
• Event end date: 2021-11-13
• DOI: 10.1007/978-3-030-91356-4_15
• EISBN: 978-3-030-91356-4
• Language: English
• Keywords: FFR