Keyloggers pose a significant threat to cybersecurity by covertly capturing every keystroke a user makes, which can lead to identity theft, unauthorized access, and data breaches. This paper introduces a thorough, multilayered strategy to combat keylogging attacks through detection, mitigation, and obfuscation. Our system utilizes a machine learning-based Random Forest Classifier to precisely detect suspicious keylogging activities. Upon detection, the system promptly isolates and terminates the keylogger process to prevent further compromise of data. Furthermore, the obfuscation module ensures that even if a keylogger captures keystrokes, the data are scrambled and rendered useless. By employing real-time behavioral monitoring and intelligent countermeasures, this solution enhances detection accuracy, accelerates response times, and fortifies defenses against evolving keylogger techniques. The experimental results validated the effectiveness of the system in protecting sensitive user information from keylogging threats.
Introduction
Keyloggers pose a serious and evolving cybersecurity threat by secretly recording keystrokes to steal sensitive data like passwords and banking information. Traditional security measures, such as antivirus and signature-based detection, struggle to identify sophisticated and stealthy keyloggers, especially as IoT devices and cloud computing expand. Attackers increasingly use encrypted and memory-based keylogging methods, making detection more difficult.
To address these challenges, this paper proposes an integrated cybersecurity framework combining machine learning (using a Random Forest Classifier), process isolation, and keystroke obfuscation. The system detects keylogger behavior in real time, isolates and terminates malicious processes, and disrupts captured keystrokes through randomization techniques, effectively neutralizing data theft. Experimental results show high detection accuracy (96.2%), low false positives (2.1%), rapid response (under 1.1 seconds), and minimal system resource use, outperforming existing approaches.
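The keystroke randomization described above, as an added sketch that is not the paper's implementation: the summary does not specify its scheme, so this assumes decoy-keystroke injection keyed by a secret shared between the obfuscator and the protected application. The names `obfuscate`, `recover` and `SHARED_KEY` and the sample input are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Decoys are drawn from the same alphabet as real keys so they do not stand out.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SHARED_KEY = secrets.token_bytes(32)  # assumption: provisioned to both ends out of band


def _decoy_count(key: bytes, index: int, max_decoys: int = 3) -> int:
    """Keyed, deterministic number of decoys (1..max_decoys) before real key #index."""
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return 1 + digest[0] % max_decoys


def obfuscate(typed: str, key: bytes) -> str:
    """Stream visible at the hooked input layer: random decoys interleaved with real keys."""
    out = []
    for i, ch in enumerate(typed):
        out.extend(secrets.choice(ALPHABET) for _ in range(_decoy_count(key, i)))
        out.append(ch)
    return "".join(out)


def recover(stream: str, key: bytes) -> str:
    """Protected application: skip the keyed number of decoys before each real key."""
    real, pos, i = [], 0, 0
    while pos < len(stream):
        pos += _decoy_count(key, i)
        if pos >= len(stream):
            raise ValueError("stream truncated or wrong key")
        real.append(stream[pos])
        pos += 1
        i += 1
    return "".join(real)


if __name__ == "__main__":
    typed = "Tr0ub4dor&3"  # constructed sample input
    captured = obfuscate(typed, SHARED_KEY)  # what a keylogger would record
    print("logger sees :", captured)
    print("app recovers:", recover(captured, SHARED_KEY))
```

Decoys only help if they are indistinguishable from real keys at the layer the keylogger hooks, including in timing; this sketch models content only.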
The work draws on extensive literature around IoT security, AI-driven intrusion detection, and recent advances in deep learning, emphasizing the need for adaptive, energy-efficient, and robust security solutions in dynamic threat landscapes. The proposed framework is validated through controlled tests and real-world deployment, showing promise as a comprehensive defense against modern keylogging attacks.
Conclusion
This study introduces a novel and efficient method for identifying, reducing, and neutralizing keylogger threats, thereby significantly boosting cybersecurity. The proposed model combines machine-learning-based detection, quick mitigation strategies, and keystroke obfuscation, achieving a detection accuracy of 96.2%, a false positive rate of just 2.1%, and a rapid response time of 0.45 seconds. These outcomes surpass those of traditional models, such as the Hybrid Dendritic Cell Algorithm (DCA) [3] and honeypot-based IDS [6], which have lower detection rates and slower response times. Additionally, with a 99.3% success rate in obfuscation, the system ensures that even if keystrokes are intercepted, they remain indecipherable, rendering keyloggers ineffective [9]. Compared to current cybersecurity methods [1], [2], [4], the proposed model not only improves the detection efficiency but also includes an advanced obfuscation mechanism that actively disrupts keylogging attempts in real time. This additional security layer offers superior protection against evolving threats. Moreover, the system operates with minimal resource usage (2.4% CPU and 85 MB RAM) [7], making it suitable for deployment on various platforms including devices with limited resources [5]. This study is consistent with previous research highlighting the significance of AI-driven threat detection and mitigation [8], [10]. The successful incorporation of machine-learning techniques ensures a highly adaptable and scalable cybersecurity solution. Future improvements could explore deep learning algorithms to further enhance detection accuracy, increase precision, and optimize obfuscation techniques to reduce latency [11]. Additionally, expanding the dataset to include new keylogger variants will improve the generalization capabilities of the model [12], [13].
References
[1] D. E. Kouicem, A. Bouabdallah, and H. Lakhlef, "Internet of Things security: A top-down survey," Comput. Netw., vol. 141, pp. 199–221, Aug. 2018. Available: https://doi.org/10.1016/j.comnet.2018.04.010
[2] S. Al-Sarawi, M. Anbar, K. Alieyan, and M. Alzubaidi, "Internet of Things (IoT) communication protocols: Review," in Proc. 8th Int. Conf. Inf. Technol. (ICIT), Amman, Jordan, May 2017, pp. 685–690. Available: https://ieeexplore.ieee.org/document/7920903
[3] M. M. Islam, A. Rahaman, and M. R. Islam, "Development of smart healthcare monitoring system in IoT environment," Social Netw. Comput. Sci., vol. 1, no. 3, pp. 1–11, May 2020. Available: https://doi.org/10.1007/s42979-020-00223-9
[4] G. Mois, S. Folea, and T. Sanislav, "Analysis of three IoT-based wireless sensors for environmental monitoring," IEEE Trans. Instrum. Meas., vol. 66, no. 8, pp. 2056–2064, Aug. 2017. Available: https://ieeexplore.ieee.org/document/7905045
[5] T. A. Al-Amiedy, M. Anbar, B. Belaton, A. A. Bahashwan, I. H. Hasbullah, M. A. Aladaileh, and G. A. Mukhaini, "A systematic literature review on attacks defense mechanisms in RPL-based 6LoWPAN of Internet of Things," Internet Things, vol. 22, Jul. 2023, Art. no. 100741. Available: https://doi.org/10.1016/j.iot.2023.100741
[6] J. Tong, W. Sun, and L. Wang, "An information flow security model for home area network of smart grid," in Proc. IEEE Int. Conf. Cyber Technol. Automat., Control Intell. Syst., Nanjing, China, May 2013, pp. 456–461. Available: https://ieeexplore.ieee.org/document/6558285
[7] P. K. Reddy Maddikunta, G. Srivastava, T. Reddy Gadekallu, N. Deepa, and P. Boopathy, "Predictive model for battery life in IoT networks," IET Intell. Transp. Syst., vol. 14, no. 11, pp. 1388–1395, Nov. 2020. Available: https://doi.org/10.1049/iet-its.2019.0512
[8] C. Iwendi, P. K. R. Maddikunta, T. R. Gadekallu, K. Lakshmanna, A. K. Bashir, and M. J. Piran, "A metaheuristic optimization approach for energy efficiency in the IoT networks," Softw., Pract. Exper., vol. 51, no. 12, pp. 2558–2571, Feb. 2020. Available: https://doi.org/10.1002/spe.2823
[9] Y. Sanjalawe and T. Althobaiti, "DDoS attack detection in cloud computing based on ensemble feature selection and deep learning," Comput., Mater. Continua, vol. 75, no. 2, pp. 3571–3588, 2023. Available: https://doi.org/10.32604/cmc.2023.027042
[10] "BoT-IoT Dataset." Accessed: May 4, 2023. Available: https://research.unsw.edu.au/projects/bot-iot-dataset
[11] A. Salam and S. Shah, "Urban underground infrastructure monitoring IoT: The path loss analysis," in Proc. IEEE 5th World Forum Internet Things (WF-IoT), Apr. 2019, pp. 398–401. Available: https://ieeexplore.ieee.org/document/8767264
[12] Y. Hajjaji, W. Boulila, I. R. Farah, I. Romdhani, and A. Hussain, "Big data and IoT-based applications in smart environments: A systematic review," Comput. Sci. Rev., vol. 39, Feb. 2021, Art. no. 100318. Available: https://doi.org/10.1016/j.cosrev.2020.100318
[13] A. Al-Ali, I. A. Zualkernan, M. Rashid, R. Gupta, and M. Alikarar, "A smart home energy management system using IoT and big data analytics approach," IEEE Trans. Consum. Electron., vol. 63, no. 4, pp. 426–434, Nov. 2017. Available: https://ieeexplore.ieee.org/document/8265185
[14] A. Churcher, R. Ullah, J. Ahmad, S. Ur Rehman, F. Masood, M. Gogate, F. Alqahtani, B. Nour, and W. J. Buchanan, "An experimental analysis of attack classification using machine learning in IoT networks," Sensors, vol. 21, no. 2, p. 446, Jan. 2021. Available: https://doi.org/10.3390/s21020446
[15] A. Shafique, J. Ahmed, W. Boulila, H. Ghandorh, J. Ahmad, and M. U. Rehman, "Detecting the security level of various cryptosystems using machine learning models," IEEE Access, vol. 9, pp. 9383–9393, 2021. Available: https://doi.org/10.1109/ACCESS.2021.3057739
[16] B. I. Farhan and A. D. Jasim, "A survey of intrusion detection using deep learning in Internet of Things," Iraqi J. Comput. Sci. Math., vol. 3, pp. 83–93, Jan. 2022. Available: https://doi.org/10.52866/ijcsm.2022.01.01.011
[17] A. Abbas, M. A. Khan, S. Latif, M. Ajaz, A. A. Shah, and J. Ahmad, "A new ensemble-based intrusion detection system for Internet of Things," Arabian J. Sci. Eng., vol. 47, no. 2, pp. 1805–1819, Feb. 2022. Available: https://doi.org/10.1007/s13369-021-06190-w
[18] V. Bolón-Canedo and A. Alonso-Betanzos, "Recent advances in ensembles for feature selection," Intell. Syst. Reference Library, vol. 147, no. 1, p. 188, 2018. Available: https://doi.org/10.1007/978-3-319-90054-9_8
[19] Y. Alotaibi and M. Ilyas, "Ensemble-learning framework for intrusion detection to enhance Internet of Things’ devices security," Sensors, vol. 23, no. 12, p. 5568, Jun. 2023. Available: https://doi.org/10.3390/s23125568
[20] C. Luo, Z. Tan, G. Min, J. Gan, W. Shi, and Z. Tian, "A novel web attack detection system for Internet of Things via ensemble classification," IEEE Trans. Ind. Informat., vol. 17, no. 8, pp. 5810–5818, Aug. 2021. Available: https://doi.org/10.1109/TII.2021.3048827