Title: Comparing the performance of supervised machine learning algorithms when used with a manual feature selection process to detect Zeus malware

Authors: Mohamed Ali Kazi; Steve Woodhead; Diane Gan

Addresses: Computer and Networks, University of Greenwich, London, England, UK ' Computer and Networks, University of Greenwich, London, England, UK ' Computer and Information Systems, University of Greenwich, London, England, UK

Abstract: The Zeus banking malware is one of the most prolific banking malware variants ever to be discovered and this paper compares and analyses the performance of several supervised Machine Learning (ML) algorithms when used to detect the Zeus banking malware (Zeus). The key to this paper is that the features that are used for the analysis and detection of Zeus are manually selected, providing the researcher better control over which features that can and should be selected. This also helps the researcher understand the features and the impact that the various feature combinations have on the accuracy of the algorithms when used to detect Zeus. The empirical analysis showed that the Decision Tree and Random Forest algorithms produced the best results as they detected all the Zeus samples. The empirical analysis also showed that selecting the feature combinations manually produces varying results allowing the researchers to understand how the features impact the detection accuracy.

Keywords: Zeus banking malware; machine learning; binary classification algorithms; supervised machine learning; manual feature selection.

DOI: 10.1504/IJGUC.2022.126167

International Journal of Grid and Utility Computing, 2022 Vol.13 No.5, pp.495 - 504

Received: 06 Feb 2020
Accepted: 25 Nov 2020
Published online: 14 Oct 2022 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article