Dataset Construction and Analysis of Screenshot Malware

Hugo Sbai; Jassim Happa; Michael Goldsmith; Samy Meftali

doi:10.1109/TrustCom50675.2020.00091

Dataset Construction and Analysis of Screenshot Malware

Hugo Sbai, Jassim Happa, Michael Goldsmith, Samy Meftali

Department of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

197 Downloads (Pure)

Abstract

Among the various types of spyware, screenloggers are distinguished by their ability to capture screenshots. This gives them considerable nuisance capacity, giving rise to theft of sensitive data or, failing that, to serious invasions of the privacy of users. Several examples of attacks relying on this screen capture feature have been documented in recent years. However, there is not sufficient empirical and experimental evidence on this topic. Indeed, to the best of our knowledge, there is no dataset dedicated to screenshot-taking malware until today. The lack of datasets or common testbed platforms makes it difficult to analyse and study their behaviour in order to develop effective countermeasures. The screenshot feature is often a smart feature that does not activate automatically once the malware has infected the machine; the activation mechanisms of this function are often more complex. Consequently, a dataset which is completely dedicated to them would make it possible to better understand the subtleties of triggering screenshots and even to learn to distinguish them from the legitimate applications widely present on devices. The main purpose of this paper is to build such a dataset and analyse the behaviour of screenloggers.

Original language	English
Title of host publication	International Conference on Trust, Security and Privacy in Computing and Communications (Trustcom)
Publisher	IEEE
ISBN (Electronic)	978-0-7381-4380-4
ISBN (Print)	978-0-7381-4381-1
DOIs	https://doi.org/10.1109/TrustCom50675.2020.00091
Publication status	Published - 29 Dec 2020
Event	IEEE TrustCom2020 - Duration: 29 Dec 2020 → 1 Jan 2021 http://www.ieee-trustcom.org/TrustCom2020/

Conference

Conference	IEEE TrustCom2020
Period	29/12/20 → 1/01/21
Internet address	http://www.ieee-trustcom.org/TrustCom2020/

Keywords

Spyware
Screenlogger
Malware
Dataset
Behaviour Analysis
Malware Detection
Screencapture
Remote Access Trojan

Access to Document

10.1109/TrustCom50675.2020.00091

Accepted ManuscriptAccepted author manuscript, 7.02 MB

Cite this

@inproceedings{93ceeddcd8b2470f9905bb103f4035d1,

title = "Dataset Construction and Analysis of Screenshot Malware",

abstract = "Among the various types of spyware, screenloggers are distinguished by their ability to capture screenshots. This gives them considerable nuisance capacity, giving rise to theft of sensitive data or, failing that, to serious invasions of the privacy of users. Several examples of attacks relying on this screen capture feature have been documented in recent years. However, there is not sufficient empirical and experimental evidence on this topic. Indeed, to the best of our knowledge, there is no dataset dedicated to screenshot-taking malware until today. The lack of datasets or common testbed platforms makes it difficult to analyse and study their behaviour in order to develop effective countermeasures. The screenshot feature is often a smart feature that does not activate automatically once the malware has infected the machine; the activation mechanisms of this function are often more complex. Consequently, a dataset which is completely dedicated to them would make it possible to better understand the subtleties of triggering screenshots and even to learn to distinguish them from the legitimate applications widely present on devices. The main purpose of this paper is to build such a dataset and analyse the behaviour of screenloggers.",

keywords = "Spyware, Screenlogger, Malware, Dataset, Behaviour Analysis, Malware Detection, Screencapture, Remote Access Trojan",

author = "Hugo Sbai and Jassim Happa and Michael Goldsmith and Samy Meftali",

year = "2020",

month = dec,

day = "29",

doi = "10.1109/TrustCom50675.2020.00091",

language = "English",

isbn = "978-0-7381-4381-1",

booktitle = "International Conference on Trust, Security and Privacy in Computing and Communications (Trustcom)",

publisher = "IEEE",

note = "IEEE TrustCom2020 ; Conference date: 29-12-2020 Through 01-01-2021",

url = "http://www.ieee-trustcom.org/TrustCom2020/",

}

TY - GEN

T1 - Dataset Construction and Analysis of Screenshot Malware

AU - Sbai, Hugo

AU - Happa, Jassim

AU - Goldsmith, Michael

AU - Meftali, Samy

PY - 2020/12/29

Y1 - 2020/12/29

N2 - Among the various types of spyware, screenloggers are distinguished by their ability to capture screenshots. This gives them considerable nuisance capacity, giving rise to theft of sensitive data or, failing that, to serious invasions of the privacy of users. Several examples of attacks relying on this screen capture feature have been documented in recent years. However, there is not sufficient empirical and experimental evidence on this topic. Indeed, to the best of our knowledge, there is no dataset dedicated to screenshot-taking malware until today. The lack of datasets or common testbed platforms makes it difficult to analyse and study their behaviour in order to develop effective countermeasures. The screenshot feature is often a smart feature that does not activate automatically once the malware has infected the machine; the activation mechanisms of this function are often more complex. Consequently, a dataset which is completely dedicated to them would make it possible to better understand the subtleties of triggering screenshots and even to learn to distinguish them from the legitimate applications widely present on devices. The main purpose of this paper is to build such a dataset and analyse the behaviour of screenloggers.

AB - Among the various types of spyware, screenloggers are distinguished by their ability to capture screenshots. This gives them considerable nuisance capacity, giving rise to theft of sensitive data or, failing that, to serious invasions of the privacy of users. Several examples of attacks relying on this screen capture feature have been documented in recent years. However, there is not sufficient empirical and experimental evidence on this topic. Indeed, to the best of our knowledge, there is no dataset dedicated to screenshot-taking malware until today. The lack of datasets or common testbed platforms makes it difficult to analyse and study their behaviour in order to develop effective countermeasures. The screenshot feature is often a smart feature that does not activate automatically once the malware has infected the machine; the activation mechanisms of this function are often more complex. Consequently, a dataset which is completely dedicated to them would make it possible to better understand the subtleties of triggering screenshots and even to learn to distinguish them from the legitimate applications widely present on devices. The main purpose of this paper is to build such a dataset and analyse the behaviour of screenloggers.

KW - Spyware

KW - Screenlogger

KW - Malware

KW - Dataset

KW - Behaviour Analysis

KW - Malware Detection

KW - Screencapture

KW - Remote Access Trojan

U2 - 10.1109/TrustCom50675.2020.00091

DO - 10.1109/TrustCom50675.2020.00091

M3 - Conference contribution

SN - 978-0-7381-4381-1

BT - International Conference on Trust, Security and Privacy in Computing and Communications (Trustcom)

PB - IEEE

T2 - IEEE TrustCom2020

Y2 - 29 December 2020 through 1 January 2021

ER -