A Bayesian Attack-Network Modeling Approach to Mitigating Malware-Based Banking Cyberattacks

Full Text (PDF, 1520KB), PP.25-39



Aaron Zimba 1,*

1. Department of Computer Science and Information Technology, Mulungushi University

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2022.01.03

Received: 6 Apr. 2021 / Revised: 13 Jun. 2021 / Accepted: 13 Aug. 2021 / Published: 8 Feb. 2022

Index Terms

Cyberattack, Crimeware, Banking malware, Bayesian network, GameOver Zeus


According to Cybersecurity Ventures, the damage related to cybercrime is projected to reach $6 trillion annually by 2021. The majority of cyberattacks are directed at financial institutions, as this reduces the number of intermediaries that the attacker needs to attack to reach the target: monetary proceeds. Research has shown that malware is the preferred attack vector in cybercrimes targeted at banks and other financial institutions. In light of the above, this paper presents a Bayesian Attack Network modeling technique for cyberattacks in the financial sector that are perpetrated by crimeware. We use the GameOver Zeus malware for our use cases as it is the most common type of malware in this domain. The primary targets of this malware are any users of financial services. Today, financial services are accessed using personal laptops, institutional computers, mobile phones, tablets, and similar devices. All of these are potential victims that can be enlisted into the malware's botnet. In our approach, phishing emails as well as Common Vulnerabilities and Exposures (CVEs) exhibited in various systems are employed to derive conditional probabilities that serve as inputs to the modeling technique. Compared to state-of-the-art approaches, our method generates probability density curves of various attack structures whose semantics are applied in the mitigation process. This is based on the level of exploitability, deduced from the vertex degrees of the compromised nodes, that characterizes the probability density curves.

Cite This Paper

Aaron Zimba, "A Bayesian Attack-Network Modeling Approach to Mitigating Malware-Based Banking Cyberattacks", International Journal of Computer Network and Information Security (IJCNIS), Vol.14, No.1, pp.25-39, 2022. DOI: 10.5815/ijcnis.2022.01.03

