A Cyber Kill Chain Based Taxonomy of Banking Trojans for Evolutionary Computational Intelligence

TL;DR

This paper introduces a stage-by-stage taxonomy of banking Trojans based on the cyber kill chain, aiding detection and mitigation strategies through evolutionary computational intelligence, validated on real-world data.

Contribution

It proposes a novel cyber kill chain based taxonomy for banking Trojans to improve detection and mitigation strategies using evolutionary computational intelligence.

Findings

Validated taxonomy with 127 real-world banking Trojans

Enhanced understanding of Trojan attack stages

Facilitated development of targeted mitigation strategies

Abstract

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major UK-based financial organisation.