Skip to main content
SpringerLink
Log in

Detecting the Zeus Banking Malware Using the Random Forest Binary Classification Algorithm and a Manual Feature Selection Process

  • Conference paper
  • First Online:
Security in Computing and Communications (SSCC 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1208))

Included in the following conference series:

  • 597 Accesses

Abstract

The Zeus malware is one of the most prolific banking malware variants ever to be discovered and this paper examines how the Zeus malware network traffic can be detected using the Random Forest machine learning algorithm. The key to this paper is that the features used for the experimentation and detection of Zeus are manually selected, providing the researcher more control over which features that can and should be selected. This also helps the researcher understand the features and the impact they have on the accuracy of the Random Forest binary classification algorithm when used to detect the Zeus banking malware.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Morgan, S.: IBM’s CEO On Hackers: ‘Cyber Crime Is The Greatest Threat To Every Company In The World’ (2015). https://www.forbes.com/sites/stevemorgan/2015/11/24/ibms-ceo-on-hackers-cyber-crime-is-the-greatest-threat-to-every-company-in-the-world/#1b1914e173f0. Accessed 5 Nov 2019

  2. Clarke, J.: Cybercrime cost UK residents £210 each in the last year. http://www.independent.co.uk/news/uk/crime/cyber-crime-hacking-fraud-213-a-year-a7365816.html. Accessed 5 Nov 2019

  3. Wueest, C.: Financial Threats Review 2017 (2017). https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf. Accessed 5 Nov 2019

  4. Macafee: Mobile Threat Report (2018). https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2018.pdf. Accessed 5 Nov 2019

  5. InTELL: Gameover Zeus Background on the Badguys and the Backends (2015). https://www.blackhat.com/docs/us-15/materials/us-15-Peterson-GameOver-Zeus-Badguys-And-Backends-wp.pdf. Accessed 5 Nov 2019

  6. Ibrahim, L.M., Thanon, K.H.: Analysis and detection of the Zeus botnet crimeware. Int. J. Comput. Sci. Inf. Secur. 13(9), 121 (2018)

    Google Scholar 

  7. Crowe, J.: Top 10 Banking Trojans for 2017: What You Need to Know (2017). https://blog.barkly.com/top-banking-trojans-2017. Accessed 5 Dec 2018

  8. Etaher, N., Weir, G.R., Alazab, M.: From zeus to zitmo: trends in banking malware. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 1386–1391. IEEE, August 2015

    Google Scholar 

  9. Kazi, M., Woodhead, S., Gan, D.: A contempory taxonomy of banking malware In: First International Conference on Secure Cyber Computing and Communications. IEEE Xplore Digital library (2018)

    Google Scholar 

  10. Falliere, N., Chien, E.: Zeus King of the bots (2014). https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/security-response-zeus-king-of-bots-09-en.pdf. Accessed 5 Nov 2019

  11. Researcher, L.: Gameover: ZeuS with P 2P Functionality Disrupted (2014). https://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-with-p2p-functionality-disrupted/. Accessed 5 Nov 2019

  12. Lelli, A.: Zeusbot/Spyeye P 2P Updated, Fortifying the Botnet (2012). https://www.symantec.com/connect/blogs/zeusbotspyeye-p2p-updated-fortifying-botnet. Accessed 5 Nov 2019

  13. Riccardi, M., Di Pietro, R., Palanques, M., Vila, J.: Titans’ revenge: detecting Zeus via its own flaws. Comput. Netw. 57(2), 422–435 (2013)

    Article  Google Scholar 

  14. Andriesse, D., Bos, H.: An Analysis of the Zeus Peer-to-Peer Protocol (2014). https://syssec.mistakenot.net/papers/zeus-tech-report-2013.pdf. Accessed 6 Nov 2019

  15. Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Detecting objective-C malware through memory forensics. Digit. Investig. 18, S3–S10 (2007)

    Google Scholar 

  16. Azab, A., Alazab, M., Aiash, M.: Machine learning based botnet identification traffic. In: 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, Tianjin (2016)

    Google Scholar 

  17. Soniya, B., Wilscy, M.: Detection of randomized bot command and control traffic on an end-point host. Alex. Eng. J. 55(3), 2771–2781 (2016)

    Article  Google Scholar 

  18. Mayo, M.: Frameworks for Approaching the Machine Learning Process (2018). https://www.kdnuggets.com/2018/05/general-approaches-machine-learning-process.html. Accessed 6 Nov 2019

  19. Hüssy, R.: Zeustracker.abuse.ch (2014). https://zeustracker.abuse.ch/. Accessed 15 Feb 2019

  20. Code.google.com. Google Code Archive - Long-term storage for Google Code Project Hosting (2014). https://code.google.com/archive/p/netmate-flowcalc/wikis/Features. Accessed 15 Nov 2019

  21. Arndt, D.: DanielArndt/netmate-flowcalc (2011). https://github.com/DanielArndt/netmate-flowcalc. Accessed 6 Nov 2019

  22. Albon, C.: Feature Selection Using Random Forest (2017). https://chrisalbon.com/machine_learning/trees_and_forests/feature_selection_using_random_forest/. Accessed 6 Nov 2019

  23. Kaushik, S.: Feature selection methods with example (Variable selection methods) (2016). https://www.analyticsvidhya.com/blog/2016/12/introduction-to-feature-selection-methods-with-an-example-or-how-to-select-the-right-variables/. Accessed 6 Nov 2019

  24. Liberman, N.: Decision Trees and Random Forests (2017). Available at: https://towardsdatascience.com/decision-trees-and-random-forests-df0c3123f991. Accessed 6 Nov 2019

Download references

Author information

Authors and Affiliations

  1. Old Royal Naval College, The University of Greenwich, Park Row, London, SE10 9LS, UK

    Mohamed Ali Kazi, Steve Woodhead & Diane Gan

Authors
  1. Mohamed Ali Kazi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Steve Woodhead
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Diane Gan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohamed Ali Kazi .

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management, Trivandrum, India

    Sabu M. Thampi

  2. University of Murcia, Espinardo, Murcia, Spain

    Gregorio Martinez Perez

  3. University of Queensland, Brisbane, QLD, Australia

    Ryan Ko

  4. Howard University, Washington, DC, USA

    Danda B. Rawat

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kazi, M.A., Woodhead, S., Gan, D. (2020). Detecting the Zeus Banking Malware Using the Random Forest Binary Classification Algorithm and a Manual Feature Selection Process. In: Thampi, S., Martinez Perez, G., Ko, R., Rawat, D. (eds) Security in Computing and Communications. SSCC 2019. Communications in Computer and Information Science, vol 1208. Springer, Singapore. https://doi.org/10.1007/978-981-15-4825-3_23

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-4825-3_23

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-4824-6

  • Online ISBN: 978-981-15-4825-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation