Detecting Malware C&C Communication Traffic Using Artificial Intelligence Techniques

Bibliographic Details
Main Author: Mohamed Ali Kazi
Format: Article
Language: English
Published: MDPI AG 2025-01-01
Series: Journal of Cybersecurity and Privacy
Online Access:https://www.mdpi.com/2624-800X/5/1/4
Collection: DOAJ
Description: Banking malware poses a significant threat to users by infecting their computers and then attempting to perform malicious activities such as surreptitiously stealing confidential information from them. Banking malware variants are also continuing to evolve and have been increasing in numbers for many years. Amongst these, the banking malware Zeus and its variants are the most prevalent and widespread banking malware variants discovered. This prevalence was expedited by the fact that the Zeus source code was inadvertently released to the public in 2004, allowing malware developers to reproduce the Zeus banking malware and develop variants of this malware. Examples of these include Ramnit, Citadel, and Zeus Panda. Tools such as anti-malware programs do exist and are able to detect banking malware variants; however, they have limitations. Their reliance on regular updates to incorporate new malware signatures or patterns means that they can only identify known banking malware variants. This constraint inherently restricts their capability to detect novel, previously unseen malware variants. Adding to this challenge is the growing ingenuity of malicious actors who craft malware specifically developed to bypass signature-based anti-malware systems. This paper presents an overview of the Zeus, Zeus Panda, and Ramnit banking malware variants and discusses their communication architecture. Subsequently, a methodology is proposed for detecting banking malware C&C communication traffic, and this methodology is tested using several feature selection algorithms to determine which feature selection algorithm performs the best. These feature selection algorithms are also compared with a manual feature selection approach to determine whether a manual, automated, or hybrid feature selection approach would be more suitable for this type of problem.
Record ID: doaj-art-d5c7db5db14b45bbb644a82a7d2c3d5c
Institution: Kabale University
ISSN: 2624-800X
DOI: 10.3390/jcp5010004
Volume 5, Issue 1, Article 4
Author affiliation: Department of Computer Science, School of Computing and Communications, Faculty of Science, Technology, Engineering & Mathematics, The Open University, Walton Hall, Milton Keynes MK7 6AA, UK
Keywords: banking malware; Zeus malware variants; machine learning; binary classification algorithms; automated feature selection; manual feature selection