Real-Time Exam Monitoring and Detection System for Suspicious Activity and AI Tool Usage

1. SYSTEM DESIGN

4.1 Input Sources

System Info Gathering: Retrieves hostname, IP, MAC address, OS, and hardware details using Python libraries.
Clipboard Monitoring: Detects content changes and captures screenshots.
AI Tools Detection: Monitors processes and active window titles for specific keywords.
Keylogging: Tracks specific keys like Tab to detect suspicious typing patterns.

4.2 Core Functionalities

Event Detection: Triggers actions based on detected activities (e.g., clipboard change, AI tool usage, key presses).
Screenshot Capture: Takes screenshots during suspicious activities.
Data Logging: Stores gathered information (e.g., clipboard content, system info) temporarily.
Email Notifications: Sends alerts with relevant details (e.g., screenshots, clipboard content, detected processes) using SMTP and MIME.

4.3 Email System Design

SMTP Configuration:
- Uses Gmail’s SMTP server (smtp.gmail.com) over port 587 for email transmission.
- Implements secure communication with TLS encryption.
- Authentication with Google App Passwords for enhanced security.
  - Google App Passwords: A secure, app-specific password generated via Google Account settings to avoid storing primary credentials.
MIME:

- Formats email messages with text and attachments (e.g., screenshots).
- Encodes binary data like screenshots in base64 for transmission.

4.4 Keylogging Integration:

Keylogger Detection:
- Tracks specific keys (e.g., Tab, Ctrl+C) using the pynput library.
- Logs keystrokes or triggers actions (e.g., sending an alert when a suspicious key is pressed).

4.5 Multithreaded Architecture:

Runs clipboard monitoring, AI detection, and active window monitoring in separate threads for efficient parallel processing.

4.6 Cloud/Backend Integration (Optional):

Cloud Storage:
- Store logs and screenshots in cloud platforms like Google Drive or AWS S3 for long-term analysis.
Webhook Integration:
- Trigger real-time alerts to a backend system for further analysis or integration with a dashboard.

4.7 Security Considerations:

Encryption:
- Use encrypted channels (e.g., TLS for email, HTTPS for public IP fetching) to prevent data leakage.
Access Control:
- Limit file access to the process to minimize tampering risks.
Anonymization:
- Avoid sending sensitive clipboard data unless explicitly required.

4.8 Implementation Steps for Google App Passwords

1. Enable 2-Step Verification:

o Navigate to your Google Account → Security → "2-Step Verification" and enable it.

2. Generate App Password:

o Go to App Passwords under Security.

o Choose the app type (e.g., "Mail") and device type.

o Generate a password, and use this instead of your actual Gmail password in the code.

1.9 SYSTEM ARCHITECTURE:

4.10 Enhanced Design:

For a scalable and robust system:

1. Logging:

o Store all events in local files or a database for auditing.

2. Remote Management:

o Create a web-based admin interface to manage detection parameters, view logs, and download reports.

3. Integration with SIEM:

o Send alerts to a Security Information and Event Management (SIEM) system for centralized monitoring.

CLICK ON EACH TAB TO KNOW MORE :

KEY LOGGERS

GOOGLE APP PASSWORDS

SMTP

MIME