A Cyber Kill Chain Based Taxonomy of Banking Trojans for Evolutionary Computational Intelligence
This work addresses the challenge of malware detection for security practitioners, but it is incremental as it builds on existing cyber kill chain concepts.
The authors tackled the problem of detecting evolving banking Trojans by proposing a cyber kill chain-based taxonomy of their features, validated on a real-world dataset of 127 samples from a UK financial organization.
Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major UK-based financial organisation.