CBFISKD: A Combinatorial-Based Fuzzy Inference System for Keylogger Detection

Abstract

A keylogger is a type of spyware that records keystrokes from the user’s keyboard to steal confidential information. The problems with most keylogger methods are the lack of simulated keylogger patterns, the failure to maintain a database of current keylogger attack signatures, and the selection of an appropriate threshold value for keylogger detection. In this study, a combinatorial-based fuzzy inference system for keylogger detection (CaFISKLD) was developed. CaFISKLD adopted back-to-back combinatorial algorithms to identify anomaly-based systems (ABS) and signature-based systems (SBS). The first combinatorial algorithm used a keylogger signature database to match incoming applications for keylogger detection. In contrast, the second combinatorial algorithm used a normal database to detect keyloggers that were not detected by the first combinatorial algorithm. As simulated patterns, randomly generated ASCII codes were utilized for training and testing the newly designed CaFISKLD. The results showed that the developed CaFISKLD improved the F1 score and accuracy of keylogger detection by 95.5% and 96.543%, respectively. The results also showed a decrease in the false alarm rate based on a threshold value of 12. The novelty of the developed CaFISKLD is based on using a two-level combinatorial algorithm for keylogger detection, using fuzzy logic for keylogger classification, and providing color codes for keylogger detection.