From keyloggers to touchloggers: Take the rough with the smooth

详细信息    查看全文

• 作者：D. Damopoulos ; ^{ddamop@aegean.gr}Author Vitae ; G. Kambourakis ^{gkamb@aegean.gr}Author Vitae ; S. Gritzalis ^{sgritz@aegean.gr}Author Vitae
• 关键词：Behavioural biometrics ; Keyloggers ; Touchloggers ; Smartphones ; Malware ; iOS ; Security
• 刊名：Computers and Security
• 出版年：2013
• 出版时间：February, 2013
• 年：2013
• 卷：32
• 期：Complete
• 页码：102-114
• 全文大小：1499 K

文摘

The proliferation of touchscreen devices brings along several interesting research challenges. One of them is whether touchstroke-based analysis (similar to keylogging) can be a reliable means of profiling the user of a mobile device. Of course, in such a setting, the coin has two sides. First, one can employ the output produced by such a system to feed machine learning classifiers and later on intrusion detection engines. Second, aggressors can install touchloggers to harvest user's private data. This malicious option has been also extensively exploited in the past by legacy keyloggers under various settings, but has been scarcely assessed for soft keyboards. Compelled by these separate but interdependent aspects, we implement the first-known native and fully operational touchlogger for ultramodern smartphones and especially for those employing the proprietary iOS platform. The results we obtained for the first objective are very promising showing an accuracy in identifying misuses, and thus post-authenticating the user, in an amount that exceeds 99 % . The virulent personality of such software when used maliciously is also demonstrated through real-use cases.