Skip navigation

An investigation to detect banking malware network communication traffic using machine learning techniques

An investigation to detect banking malware network communication traffic using machine learning techniques

Kazi, Mohamed ORCID logoORCID: https://orcid.org/0000-0001-5105-3581, Woodhead, Steve and Gan, Diane ORCID logoORCID: https://orcid.org/0000-0002-0920-7572 (2022) An investigation to detect banking malware network communication traffic using machine learning techniques. Journal of Cybersecurity and Privacy, 3 (1). pp. 1-23. ISSN 2624-800X (Online) (doi:10.3390/jcp3010001)

[thumbnail of Publisher VoR]
Preview
PDF (Publisher VoR)
38376_KAZI_An_investigation _to_detect_banking_malware_network_communication_traffic.pdf - Published Version
Available under License Creative Commons Attribution.

Download (5MB) | Preview

Abstract

Banking malware are malicious programs that attempt to steal confidential information, such as banking authentication credentials, from users. Zeus is one of the most widespread banking malware variants ever discovered. Since the Zeus source code was leaked, many other variants of Zeus have emerged, and tools such as anti-malware programs exist that can detect Zeus; however, these have limitations. Anti-malware programs need to be regularly updated to recognise Zeus, and the signatures or patterns can only be made available when the malware has been seen. This limits the capability of these anti-malware products because they are unable to detect unseen malware variants, and furthermore, malicious users are developing malware that seeks to evade signature-based anti-malware programs. In this paper, a methodology is proposed for detecting Zeus malware network traffic flows by using machine learning (ML) binary classification algorithms. This research explores and compares several ML algorithms to determine the algorithm best suited for this problem and then uses these algorithms to conduct further experiments to determine the minimum number of features that could be used for detecting the Zeus malware. This research also explores the suitability of these features when used to detect both older and newer versions of Zeus as well as when used to detect additional variants of the Zeus malware. This will help researchers understand which network flow features could be used for detecting Zeus and whether these features will work across multiple versions and variants of the Zeus malware.

Item Type: Article
Additional Information: This article belongs to the Special Issue Secure Software Engineering.
Uncontrolled Keywords: Zeus banking malware; Zeus malware variants; machine learning; binary classification algorithms; deep learning; feature selection
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 03 Jan 2023 16:57
URI: http://gala.gre.ac.uk/id/eprint/38376

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics