“Implementation of Keylogger using HOOKUP

algorithm”

PROJECT SYNOPSIS
(2018-19)

BACHELOR OF TECHNOLOGY
Computer Scince and Engineering
Final Year

SUBMITTED BY:-
Chandan Singh - 1516610015
Mahesh Chandra Vishvakarma - 1516610023
Radharaman Dwivedi - 1516610028

SUBMITTED TO:-
Mr. Rohit Sharma
Head of Department, CSE

DR. AMBEDKAR INSTITUTE OF TECHNOLOGY FOR

HANDICAPPED, KANPUR, UP
(Affiliated to APJAKTU)
 Implementation of Keylogger using HOOKUP algorithm
Implementation of Image Steganography using LSB, RSA and Edge based algorithms

1. Abstract:

Computer security specialists work every day solving security problems and handling intrusions.
The experts try to avoid new security threats, but the intruders are trying to find new penetration
methods and sophisticated attacking methods to compromise computers. The number of intruders
is increasing in the computer world today. Keylogger programs attempt to retrieve confidential
information by covertly capturing user input via keystroke monitoring and then relaying this
information to others, often for malicious purposes. Keyloggers thus pose a major threat to
business and personal activities such as Internet transactions, online banking, email, or chat. To
deal with such threats, not only must users be made aware about this type of malware, but
software practitioners and students must also be educated in the design, implementation, and
monitoring of effective defenses against different keylogger attacks. This paper presents a case
for incorporating keylogging in cybersecurity education. First, the paper provides an overview of
keylogger programs, discusses keylogger design, implementation, and usage, and presents
effective approaches to detect and prevent keylogging attacks. Second, the paper outlines several
keylogging projects that can be incorporated into an undergraduate computing program to
educate the next generation of cybersecurity practitioners in this important topic.
The usage of keylogging is being used for monitoring and logging what attackers are doing when
performing attacks. Keylogging can log the entered keystrokes on hosts such as remote systems
and in honeypots. Collecting keystrokes is an important step towards understanding the hackers
and acquire knowledge about the attacks. Honeypots can tell security researchers how data is
stolen and where hackers hide their stolen data or which methods the hackers are using to take
control over a remote machine. Originally keyloggers where developed for servers with
operating systems accessing the hardware directly. However, the usage of visualization and
virtual machines is increasing rapidly for service providers in small and large organizations.
Keylogging in bare-metal technology and in virtual technologies can be different, since the
keystrokes might be interpreted differently depending on the hypervisor technology.

2. Problem Statement:

Within the topic keyloggers there are several solved and unsolved questions.
There exists surveys of keylogging on bare-metal technology for Linux and Windows based
systems today, but not surveys of keylogging for virtual technologies.

1. Do a survey on keyloggers on Windows- and Linux-based systems.

2
 Implementation of Keylogger using HOOKUP algorithm
Implementation of Image Steganography using LSB, RSA and Edge based algorithms

2. Investigate trough experiments how keyloggers function in both bare-metal and different
virtual environments and weather they log any keystroke, or only keystrokes from a limited
number of applications.
3. Analyze to what extent keyloggers can be detected.
4. Analyze to what extent time-stamp for keyloggers can be used to establish a time-line of the
events taking place.
5. Investigate to what extent the keylogging features of Kippo facilitates the analysis of SSH
attacks.

3. Introduction:
Obtaining and validating accurate timing for computer users has arguably become more difficult
over time as operating systems have become more complex (De Clercq et al., 2003; Myors,
1999). Naturalistic studies of computer use and human–computer interaction (HCI) studies,
nevertheless, often require accurate logging of keystrokes and mouse movements (Ritter et al.,
2013; also see Held et al. 1999 and Leijten andVan Waes 2006 for nice examples).
Consequently, there is a wide variety of testing environments but few general logging tools.

3.1

3
 ImplementationImplementation
of Image Steganography using
of Keylogger usingLSB, RSA andalgorithm
HOOKUP Edge based algorithms

1. Hardware Keylogger
2. Software Keylogger

Hardware keylogger is a device that is connected between the keyboard and the
input/output(I/O) input unit on the computers hardware for logging key strokes entered in the
computer. Some of hardware keyloggers works at BIOS level while some are based on keyboard
level. The hardware keyloggers does not require any driver or software and will work with all
Linux based operating systems as well as withWindows operating systems. Hardware keyloggers
are used for keystroke logging by means of a hardware circuit that is attached somewhere in
between the computer keyboard and the computer, typically in line with the keyboard’s cable
connector.

Software keylogger is installed on a computer, directly or by remote installation. The software

keylogger is invisible to the human eye, while hardware keylogger is easy to spot if a user checks
what is connected to the computer. Software-based keyloggers use the target computer’s
operating system in various ways, including: imitating a virtual machine, hypervisorbased or
virtual machine manager, acting as the keyboard driver(kernelbased), to watch keyboard strokes.
.

Software keylogger has following types:

A. User level keyloggers - A user level-based keylogger are the easiest to create, but also
the easiest to detect.[16] This is the most common method used when creating
keyloggers. The keylogger sets a global hook for all keyboard events for all threads in the
system. Normal keylogging application store their data on the local hard drive, but some
are can be configured to automatically transmit data over the network to a remote
computer, file server or web server. To install a keylogger on a computer system, one
need to have privileged rights. In MicrosoftWindows environment, administrator right are
needed or root rights in a Linux Ubuntu environment. This is because a keylogger needs
to interact with the hardware to a computer system, as Input/Output where the keyboard
have connection to the computer.
B. kernel-level keyloggers.- A kernel level-based keylogger is a program on the machine
that gets administrator permissions and hides itself in the operating system, and starts
intercepting keystrokes, because keystrokes always go through the kernel. A keylogger
using this method can act as a keyboard device driver for example, and thus gain access
to any information typed on the keyboard as it goes to the operating system. A user level-
based keylogger are the easiest to create, but also the easiest to detect.

4
 ImplementationImplementation of Keyloggerusing
of Image Steganography usingLSB,
HOOKUP
RSA andalgorithm
Edge based algorithms

3.2 Existing Techniques Used:

Hook based keyloggers. A hook process in Windows uses the function SetWindowsHookEx (),
the same functions that hook based keyloggers use. This is used to monitor the system for certain
types of events, for instance a keypress/mouse-click — however, hook based anti-keyloggers
block this passing of control from one hook procedure to another. This results in the keylogging
software generating no logs at all of the keystroke capture. Although hook based anti-keyloggers
are better than signature based anti-keyloggers, note that they still are incapable of stopping
kernel-based keyloggers.

Signature based keylogger. These are applications that typically identify a keylogger based on
the files or DLLs that it installs, and the registry entries that it makes. Although it successfully
identifies known keyloggers, it fails to identify a keylogger whose signature is not stored in its
database. Some anti-spyware applications use this approach, with varying degrees of success.
Most of the anti-virussoftware’s detect Keylogger application based on this approach.

4. Project Scope:

- Key Strokes Typed at any place

- Prevention of Information Leak From Organization
- Programs opened
- Title of documents, videos, music, etc opened
- Websites visited
- Online duration & uptime
- PC-wise and user wise analysis
- Control of Network Usage

5. Methodology:

The environment the keyloggers is tested on, are several servers with baremetal and different
virtual servers with different virtual technologies on each server for monitoring the way the
keystrokes are interpreted. A more wider test environment will gave a much better result and
analyses of keyloggers. Both the bare-metal and the virtual machines will for this research be
installed on Microsoft Windows 7 and Linux Ubuntu server 12.04 LTS machines.
The keyloggers will be tested to monitor if the keyloggers work and the keyloggers
performances. A big concern will be to use a keylogger that the attacker cannot detect and how
the keylogger uses time-stamps, if the keylogger has that future.

5
 Implementation of Keylogger using HOOKUP algorithm
Implementation of Image Steganography using LSB, RSA and Edge based algorithms

6. Graphical Representation:

7. Software and Technology :

Hardware Requirement:-

 1 gigahertz(GHz) or faster 32-bit (x86) or 64-bit (x64) processor

 1 GB RAM (32-bit) or 2 GB RAM (64-bit)
 20 GB avialable hard disk space
 DirectX 9 graphics device with WDDM 1.0 or higher driver

Software Requirement:

 Windows 2000/XP/2003/Vista
 Internet Connection
 JDK 1.6 or higher

6
 Implementation of Keylogger using HOOKUP algorithm
Implementation of Image Steganography using LSB, RSA and Edge based algorithms

8. Advantages:

- Protect intellectual property and business secrets

- Prevent and stop sabotage and data theft
- Prevent Internet/email abuse
- Reduce workplace slackers
·- Improve efficiency and productivity

9. References:

[1] Anil Kurmus, Aurelien Francillon, Davide Balzarotti, Erik-Oliver Blass, and Jonas
Zaddach. “Implementations and Implications of a Stealth HardDrive Backdoor.” Web.
[2] Apurva Pawar, Balaji Patil, and Hemita Pathak. "A Survey on Keylogger: A Malicious
Attack." Internation Journal of Advanced Research in Computer Engineering &
Technology4.4. 2015. Web.
[3] Brian Tschinkel, Bernard Esantsi, Dominick Iacovelli, Padma Nagesar, Richard Walz,
Vinnie Monaco, and Ned Bakelman. "Keylogger Keystroke Biometric System." Research
Gate. 2017. Web.
[4] Charles E. Frank, Donald H. Galli, and Kishore Subramanyam. "Keyloggers: The
Overlooked Threat to Computer Security." Web.
[5] Christofer Sean Cordes. "Monsters in the Closet: Spyware Awareness and Prevention."
Educause Quarterly. Web.
[6] Cliff C. Zou, Erich Dondyk, and Roberto Alberdeston. "Click-tracking Blocker: Privacy
Preservation
[7] Daniel McCarney, David Barrera, Jeremy Clark, Paul C. van Oorschot, and Sonia
Chaisson. “Tapas: Design, Implementation, and Usability Evaluation of a
Password Manager.” Web.
[8] Dawn Song, Devdatta Akhawe, Warren He, and Zhiwei Li. "The Emperor's New
Password Manager: Security Analysis of Web-based Password Managers." Web.
[9] Evangelos Ladakis, Giorgos Vasiliadis, Sotiris Ioannidis Lazaros Koromilas, and
Michalis Polychronakis. "You Can Type, but You Can't Hide: A Stealthy GPU-based
Keylogger." Web