Abstract
The Zeus malware is one of the most prolific banking malware variants ever to be discovered and this paper examines how the Zeus malware network traffic can be detected using the Random Forest machine learning algorithm. The key to this paper is that the features used for the experimentation and detection of Zeus are manually selected, providing the researcher more control over which features that can and should be selected. This also helps the researcher understand the features and the impact they have on the accuracy of the Random Forest binary classification algorithm when used to detect the Zeus banking malware.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Morgan, S.: IBM’s CEO On Hackers: ‘Cyber Crime Is The Greatest Threat To Every Company In The World’ (2015). https://www.forbes.com/sites/stevemorgan/2015/11/24/ibms-ceo-on-hackers-cyber-crime-is-the-greatest-threat-to-every-company-in-the-world/#1b1914e173f0. Accessed 5 Nov 2019
Clarke, J.: Cybercrime cost UK residents £210 each in the last year. http://www.independent.co.uk/news/uk/crime/cyber-crime-hacking-fraud-213-a-year-a7365816.html. Accessed 5 Nov 2019
Wueest, C.: Financial Threats Review 2017 (2017). https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf. Accessed 5 Nov 2019
Macafee: Mobile Threat Report (2018). https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2018.pdf. Accessed 5 Nov 2019
InTELL: Gameover Zeus Background on the Badguys and the Backends (2015). https://www.blackhat.com/docs/us-15/materials/us-15-Peterson-GameOver-Zeus-Badguys-And-Backends-wp.pdf. Accessed 5 Nov 2019
Ibrahim, L.M., Thanon, K.H.: Analysis and detection of the Zeus botnet crimeware. Int. J. Comput. Sci. Inf. Secur. 13(9), 121 (2018)
Crowe, J.: Top 10 Banking Trojans for 2017: What You Need to Know (2017). https://blog.barkly.com/top-banking-trojans-2017. Accessed 5 Dec 2018
Etaher, N., Weir, G.R., Alazab, M.: From zeus to zitmo: trends in banking malware. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 1386–1391. IEEE, August 2015
Kazi, M., Woodhead, S., Gan, D.: A contempory taxonomy of banking malware In: First International Conference on Secure Cyber Computing and Communications. IEEE Xplore Digital library (2018)
Falliere, N., Chien, E.: Zeus King of the bots (2014). https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/security-response-zeus-king-of-bots-09-en.pdf. Accessed 5 Nov 2019
Researcher, L.: Gameover: ZeuS with P 2P Functionality Disrupted (2014). https://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-with-p2p-functionality-disrupted/. Accessed 5 Nov 2019
Lelli, A.: Zeusbot/Spyeye P 2P Updated, Fortifying the Botnet (2012). https://www.symantec.com/connect/blogs/zeusbotspyeye-p2p-updated-fortifying-botnet. Accessed 5 Nov 2019
Riccardi, M., Di Pietro, R., Palanques, M., Vila, J.: Titans’ revenge: detecting Zeus via its own flaws. Comput. Netw. 57(2), 422–435 (2013)
Andriesse, D., Bos, H.: An Analysis of the Zeus Peer-to-Peer Protocol (2014). https://syssec.mistakenot.net/papers/zeus-tech-report-2013.pdf. Accessed 6 Nov 2019
Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Detecting objective-C malware through memory forensics. Digit. Investig. 18, S3–S10 (2007)
Azab, A., Alazab, M., Aiash, M.: Machine learning based botnet identification traffic. In: 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, Tianjin (2016)
Soniya, B., Wilscy, M.: Detection of randomized bot command and control traffic on an end-point host. Alex. Eng. J. 55(3), 2771–2781 (2016)
Mayo, M.: Frameworks for Approaching the Machine Learning Process (2018). https://www.kdnuggets.com/2018/05/general-approaches-machine-learning-process.html. Accessed 6 Nov 2019
Hüssy, R.: Zeustracker.abuse.ch (2014). https://zeustracker.abuse.ch/. Accessed 15 Feb 2019
Code.google.com. Google Code Archive - Long-term storage for Google Code Project Hosting (2014). https://code.google.com/archive/p/netmate-flowcalc/wikis/Features. Accessed 15 Nov 2019
Arndt, D.: DanielArndt/netmate-flowcalc (2011). https://github.com/DanielArndt/netmate-flowcalc. Accessed 6 Nov 2019
Albon, C.: Feature Selection Using Random Forest (2017). https://chrisalbon.com/machine_learning/trees_and_forests/feature_selection_using_random_forest/. Accessed 6 Nov 2019
Kaushik, S.: Feature selection methods with example (Variable selection methods) (2016). https://www.analyticsvidhya.com/blog/2016/12/introduction-to-feature-selection-methods-with-an-example-or-how-to-select-the-right-variables/. Accessed 6 Nov 2019
Liberman, N.: Decision Trees and Random Forests (2017). Available at: https://towardsdatascience.com/decision-trees-and-random-forests-df0c3123f991. Accessed 6 Nov 2019
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kazi, M.A., Woodhead, S., Gan, D. (2020). Detecting the Zeus Banking Malware Using the Random Forest Binary Classification Algorithm and a Manual Feature Selection Process. In: Thampi, S., Martinez Perez, G., Ko, R., Rawat, D. (eds) Security in Computing and Communications. SSCC 2019. Communications in Computer and Information Science, vol 1208. Springer, Singapore. https://doi.org/10.1007/978-981-15-4825-3_23
Download citation
DOI: https://doi.org/10.1007/978-981-15-4825-3_23
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-4824-6
Online ISBN: 978-981-15-4825-3
eBook Packages: Computer ScienceComputer Science (R0)