Techniques for detecting keyloggers in computer systems
Abstract
Keyloggers are detected in a computer. A test string is generated in the computer. Keyboard input is simulated using the test string. The test string may be input to a hidden browser connected to a sensitive site or a hidden application program, for example. Files modified during the input procedure are detected. Processes running in memory and modified files are scanned for presence of the test string to detect keyloggers.
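The sequence described in the abstract, as an added Python example that is not from the patent: it generates the test string, finds files modified while the input is simulated, and scans them for the string. A before/after directory snapshot stands in for the kernel-mode file system driver, and `simulate_input` is a hypothetical callback for the keyboard simulation step; all function names are assumptions.

```python
import os
import secrets
import string

def generate_test_string(length=24):
    """Random alphanumeric test string, unlikely to occur in a file by chance."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def snapshot(root):
    """Map every file under root to (mtime_ns, size).
    Assumption: a user-mode stand-in for the kernel-mode file system driver."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished between listing and stat
            state[path] = (st.st_mtime_ns, st.st_size)
    return state

def modified_since(before, after):
    """Files that are new, or whose mtime or size changed between snapshots."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)

def contains_test_string(path, test_string):
    """Scan raw bytes for the test string as UTF-8 and as UTF-16LE,
    since captured keystrokes may be stored as wide characters."""
    needles = [test_string.encode("utf-8"), test_string.encode("utf-16-le")]
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return False  # unreadable file: cannot confirm presence
    return any(n in data for n in needles)

def detect(root, simulate_input):
    """One detection pass. simulate_input(test_string) is a hypothetical
    callback that performs the simulated keyboard input."""
    test_string = generate_test_string()
    before = snapshot(root)
    simulate_input(test_string)
    after = snapshot(root)
    return [p for p in modified_since(before, after)
            if contains_test_string(p, test_string)]
```

A file that changes during the window but does not contain the test string is not reported, which keeps unrelated background writes from being flagged.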
16 Claims
1. A computer-implemented method of detecting a keylogger in a computer, the method comprising:
- the computer generating a test string;
- the computer writing the test string directly to an I/O (input/output) port of the computer for accepting keyboard input to perform a simulated keyboard input using the test string;
- the computer monitoring for files that are modified during writing of the test string directly to the I/O port using a file system driver that monitors for file modifications in kernel mode;
- the computer identifying a file detected by the file system driver as having been modified during the simulated keyboard input; and
- after identifying the file as having been modified during simulated keyboard input, the computer detecting the keylogger by scanning the file for presence of the test string.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer comprising a processor and a memory, wherein the computer generates a test string, uses the test string to simulate entry of a keyboard input by writing the test string directly into an I/O (input/output) port of the computer for accepting keyboard input, uses a file system driver that monitors for file modifications in kernel mode to monitor for files that are modified during the simulated entry of the keyboard input, identifies a file detected by the file system driver as having been modified during the simulated entry of the keyboard input, and detects a keylogger by scanning the file for presence of the test string after the file has been identified as having been modified during the simulated entry of the keyboard input.

13. A computer-implemented method of detecting a keylogger in a computer, the method comprising:
- the computer generating a test string;
- the computer writing the test string into an I/O (input/output) port of the computer for accepting a keyboard input;
- the computer entering the test string into a hidden window;
- the computer monitoring for one or more files that are modified during entry of the test string into the hidden window using a file system driver that monitors for file modifications in kernel mode;
- the computer identifying a file that has been detected by the file system driver as having been modified during entry of the test string into the hidden window; and
- the computer detecting the keylogger by scanning the file identified as having been modified during entry of the test string into the hidden window for presence of the test string.

Dependent claims: 14, 15, 16.
Specification