MALWARE ACTIVITY DETECTION THROUGH BROWSER EXTENSION Jayanth Betha1, Prakash Andavolu2, Mariyala V V Gupta3 Department of Computer Science and Engineering, St

MALWARE ACTIVITY DETECTION THROUGH BROWSER EXTENSION Jayanth Betha1, Prakash Andavolu2, Mariyala V V Gupta3 Department of Computer Science and Engineering, St

MALWARE ACTIVITY DETECTION THROUGH BROWSER EXTENSION Jayanth Betha1, Prakash Andavolu2, Mariyala V V Gupta3 Department of Computer Science and Engineering, St. Martin’s Engineering College, India. Abstract stretch out beyond the contaminated PC. A The drastic growth in Internet users and Malware infection may aim to damage the files Digital assets worldwide has created on storage devices; however, a keylogger is opportunities for cybercriminals to break utilized to take individual data, such as email into systems. The massive increase in ID's or passwords. While there are numerous malware and cybercrime is seen all over the approaches used to secure against keyloggers, globe; people have become more dependent this study mainly focuses on the detection of on the web environment. Malware (Malicious keyloggers. This research report will provide an Software), is a software that opens the door in-depth study on types of secretly monitoring for cybercriminals to access sensitive malware (keyloggers). A browser based solution information from the computing devices. In (browser extension) is needed to detect and alert the current technology-dependent world, the user about the keyloggers. attacks upon sensitive user information have In today’s technology-dependent world, continued to grow over time steadily. A attacks upon sensitive user information have common threat to data security is Malware. continued to evolve steadily over time. A Symantec discovered more than 430 million common threat to data security is Malware. new unique pieces of malware in 2015, up 36 According to (Symantec’s 2016 Internet percent from the year before. The objective of Security Threat Report. (n.d.). Retrieved the proposed research is to provide a better October 24, 2016) "In 2015 more than 430 way to detect and prevent user information million new distinct segments of malware, from malware that secretly monitors user increased by 36 percent from the year before". activities on the web. Keylogger Malware is This research mainly focuses on keyloggers. A the primary focus of this research. In most of keylogger is a software that can record every the cases, malware will directly affect web keystroke made on the keyboard. A keylogger browsers, so a browser-based solution was can record instant messages, web form data like proposed to detect and prevent user login id's and passwords, e-mail and any information from malware. information typed using the keyboard. Some Index Terms: Keyloggers, Browser keylogger programs are intended to record Extension, Malware attacks, Malware website URLs visited by the user. Although not detection. always, keyloggers are used for malicious purposes, often used as the surveillance tool, by I. INTRODUCTION employers to ensure that employees use work Due to increase in number of Internet connected computers for business purposes only. devices, malware infections and data breaches Unfortunately, attackers combine keylogger have become so common. Keyloggers are a with a spyware program allowing the attacker to standout amongst the most understood and collect user information over the internet. We dreaded security dangers on PCs today. They are can add some extensions in our browser to steal dreaded because they are hard to recognize and passwords quickly. These are local keyloggers because the harm they do is regularly intended to which capture every keyboard stroke. There is a ISSN (PRINT): 2393-8374, (ONLINE): 2394-0697, VOLUME-4, ISSUE-7, 2017 48 INTERNATIONAL JOURNAL OF CURRENT ENGINEERING AND SCIENTIFIC RESEARCH (IJCESR) need to find ways to shield ourselves from Hardware-based keyloggers can be identified, keyloggers and their intent to destroy user but the software-based keyloggers can pose a computing experience. Based on how they significant threat if not detected quickly (Arora, perform the recording of keyboard key presses et al, 2016). there are different types of keyloggers. We will Keylogger is a tool used to screen the carry out a study on various kinds of keyloggers. keystrokes on the console. Its existence cannot Baig & Mahmood. (2007), did research on some be distinguished as it runs in the background. It existing techniques of fortification against can be utilized to acquire data such as usernames, key-loggers. The proposed research is to build a passwords and the credit card details (Wazid, et browser extension that regularly monitors al, 2013). keyloggers and alerts user about its presence. According to William Lopez, in Assumptions of the Study: "Keyloggers" (EEL-4789 GROUP 2 - The solution developed in this research is a web.eng.fiu.edu), at the point when the theoretical one, which can be fulfilled by keylogger has been installed, it can concentrate specific programming, which is out of the scope on its execution. Keylogger actualizes every of this report. method in an unexpected way, and most utilize a Research Objectives: simple performance strategy known as hooking. 1. The objective of the research is to provide Hooking is a mechanism used to alter the a solution for alerting the user about the behavior of an operating system by intercepting presence of keylogger in the computer messages passed between different applications. system. The implementation of a keylogger 2. The new method enhances the existing software is an easy task. But to develop a anti-keylogging methods. keylogger that performs malicious tasks one Definitions of Terms and Concepts: must put effort on its stealth execution Keylogger:Is malicious spyware program that is functionality. In any computer system, whenever used to capture sensitive user information, like a keyboard key is pressed a specific hardware login id's and passwords or financial interrupt is generated which interrupts the information, which is then sent to third parties system level message queue. The system tracks for criminal exploitation. A Keylogger can be the focused application at the time when the either software program or hardware device. keyboard interrupt was generated and passes the Malware: Specially crafted program which is key value to the application level message queue specifically designed to disrupt or damage a of that focused application. It is the computer system. responsibility of the application to handle this key according to the application requirement. II. LITERATURE REVIEW Most of the modern applications hook the system Digital Crime has turned into a level message queue during their normal course noteworthy danger to the honesty of information of execution. So, making a slight modification to possessed. Along with viruses and worms, one the normal course of execution, Muzammi and of the greatest threats to PC users on the Internet Mahmood (2007) stated that an application level today is malware. It can seize programs, redirect hook is maintained to capture the keystrokes by usersto malicious web pages, show bypassing the system level message queue which advertisements based on personal information, in turn blocks the keylogger program from track web history, and simplyruin things. Several recording the keystrokes. The researchers also of them will reinstall themselves even after mentioned issues caused by system-level hooks. eliminating them, or shroud themselves deeply They reviewed Signature Based Scanning and inside Windows, making them extremely hard to Non-Signature Based Scanning mechanisms of clean (Baratz, 2004) in his web article about anti-keylogging. malware. The proposed research in this project One of the ways to collect a delicate focuses on providing a solution by creating a piece of information from a system is by using a browser extension for detecting the presence of keylogger which tracks down the keyboard keylogger when using web forms. The results strokes, either using a Software-based keylogger will, however, be presented based on the or using a hardware-based keylogger. theoretical evidence. ISSN (PRINT): 2393-8374, (ONLINE): 2394-0697, VOLUME-4, ISSUE-7, 2017 49 INTERNATIONAL JOURNAL OF CURRENT ENGINEERING AND SCIENTIFIC RESEARCH (IJCESR) III. DESIGN in time. A preprogrammed date and time triggers It is imperative to protect personal computers and activates a logic bomb. Once activated, a and data from malicious software (malware). logic bomb executes a malicious code that Malware is software designed to infiltrate and disrupts a computer's normal operation. For steal a confidential piece of information from example, to exploit a server database an attacker computers without the user's consent. Malware can program a logic bomb that launches after a gets installed on a computer in the form of a specific number of database entries. A logic virus, worm, trojan horse, spyware, logic bomb, bomb is implemented by the attacker when he rootkit, or keylogger. One of the ways to collect fails to perform malicious operations like full a tender piece of information from a system is by database deletion. The words slag code and logic using a keylogger malware. bomb are interchangeable. Virus: A malicious program which can inject its Rootkit: A rootkit is a malicious software code into other programs or applications or data program designed to operate computer system files. After successful code injection,the targeted by hiding deep inside system kernel remotely. areas or program become infected. By definition Once a rootkit is installed it is possible for the virus installation is done without user’s consent attacker to execute files on the compromised and spreads in the form of executable code system remotely. The rootkit malware infected transferred from one computing machine to system can act as a botnet for DDOS attack. another. A virus program often performs data DDOS attack is an attempt to make a machine or deletion or corruption on the infected computing network resource unavailable to those trying to device which leading to system access it. Detection and removal of rootkit inoperability(SebastianZ, 2013). malware are challenging because of its stealthy Worm: Is a malicious program capable of nature. To detect and prevent the system from exploiting operating system vulnerabilities to this kind of malware it is compulsory to monitor spread.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    8 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us