A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Abstract

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy provides a stage-by-stage operational understanding of a cyber-attack, and can be highly beneficial to security practitioners and inform the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is built upon our analysis of a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major UK-based financial organization.