Multi-layer detection of malicious keyloggers combining:
- Real-time process & file monitoring
- Simulated keylogger for adversarial testing
- Machine Learning classification (LogReg, Random Forest, Gradient Boosting)
- Web-scraped process dataset for training
- Heuristic Monitor: watches running processes, suspicious file creation, and clipboard anomalies (keylogger/py1).
- Simulated Keylogger: generates malicious behavior for testing (keylogger/py2).
- Machine Learning: trains models on labeled process data (keylogger_ml/ml_integration.py).
- Data Collection: captures process snapshots & scrapes processlibrary.com for benign samples.
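
One way the heuristic monitor's three signals (process identity, suspicious file creation, clipboard activity) could be combined into a triage score. This is an added example, not the project's own code; the record fields, rule weights, threshold, benign list and sample snapshot are all assumptions.

```python
import re

# Constructed for illustration: fields, weights, threshold and benign list are assumptions.
KNOWN_BENIGN = {"explorer.exe", "chrome.exe", "notepad.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
KEYLOG_FILE = re.compile(r"(?:^|[\\/])(?:key|klog|keystroke)[\w-]*\.(?:txt|log|dat)$", re.I)
CLIPBOARD_READS_PER_MIN = 30
ALERT_THRESHOLD = 4

def score_process(proc):
    """Score one process snapshot record; return (score, reasons)."""
    score, reasons = 0, []
    if proc["name"].lower() not in KNOWN_BENIGN:
        score += 1
        reasons.append("name not in benign list")
    if any(d in proc["exe"].lower() for d in USER_WRITABLE):
        score += 2
        reasons.append("runs from user-writable directory")
    hits = [f for f in proc["created_files"] if KEYLOG_FILE.search(f)]
    if hits:
        score += 3
        reasons.append("created log-like file: " + hits[0])
    if proc["clipboard_reads_per_min"] > CLIPBOARD_READS_PER_MIN:
        score += 2
        reasons.append("high clipboard read rate")
    return score, reasons

def triage(snapshot):
    """Return {pid: reasons} for processes at or above the alert threshold."""
    alerts = {}
    for proc in snapshot:
        score, reasons = score_process(proc)
        if score >= ALERT_THRESHOLD:
            alerts[proc["pid"]] = reasons
    return alerts

# Constructed sample snapshot (not real telemetry).
SNAPSHOT = [
    {"pid": 101, "name": "chrome.exe", "exe": "C:\\Program Files\\Google\\Chrome\\chrome.exe",
     "created_files": [], "clipboard_reads_per_min": 2},
    {"pid": 202, "name": "updater32.exe", "exe": "C:\\Users\\lab\\AppData\\Roaming\\updater32.exe",
     "created_files": ["C:\\Users\\lab\\AppData\\Roaming\\key_log.txt"], "clipboard_reads_per_min": 60},
    {"pid": 303, "name": "notepad.exe", "exe": "C:\\Users\\lab\\Downloads\\notepad.exe",
     "created_files": [], "clipboard_reads_per_min": 0},
]

if __name__ == "__main__":
    for pid, reasons in triage(SNAPSHOT).items():
        print(pid, reasons)
```

A familiar name running from an unusual path (pid 303) scores on location alone and stays below the threshold, which is the case where features beyond process names matter.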
keylogger/ # Heuristic monitor & simulated keylogger
keylogger_ml/ # ML training & evaluation pipeline
task_manager.py # Process snapshot tool
web_scraping.py # Process name scraper
process_data.csv # Labeled dataset (malicious / benign)
Python, psutil, pynput, cryptography, scikit-learn
Data Handling: Pandas, NumPy
Visualization: Matplotlib, Seaborn
Scraping: BeautifulSoup4, lxml
Windows APIs: win32clipboard, ImageGrab
Integrate trained model into live monitor for real-time detection
Expand features beyond process names (e.g., behavioral metrics)
Add model persistence & dashboard alerts
Disclaimer: This project includes a simulated keylogger component for educational and research purposes only. Do not deploy on systems without explicit permission.