Research Article
BibTex RIS Cite
Year 2022, Volume: 10 Issue: 4, 377 - 387, 19.10.2022
https://doi.org/10.17694/bajece.1031021

Abstract

References

  • M. Edwin Agwu, “Analysis of Obstacles to Uptake of Internet Banking Services in Nigeria” Research Journal & Management-RJBM (2015), Vol.2(1)doi:10.17261/Pressacademia.201519824 Available: https://dergipark.org.tr/tr/download/article-file/375170
  • M. Zainab Alkhalil, Chaminda Hewage “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy” Liqaa Nawaf and Imtiaz Khan Cardiff School of Technologies, Cardiff Metropolitan University, Cardiff, United Kingdom Front. Comput. Sci., 09 March 2021 Available: https://www.frontiersin.org/articles/10.3389/fcomp.2021.563060/full
  • Debbie Walkowski “Banking Trojans: A Reference Guide to the Malware Family Tree By Remi Cohen Additional Contributions” August 09, 2019 Available: https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree
  • Cybersecurity and Infrastructure Security Team “Emotet Malware” July 20, 2018 Last Revised: January 23, 2020 Available: https://us-cert.cisa.gov/ncas/alerts/TA18-201A
  • Michelle Drolet “What is Emotet? And how to guard against this Persistent Trojan Malware” Contributor, April 12, 2019 Available: https://www.csoonline.com/article/3387146/what-is-emotet-and-how-to-guard-against-this-persistent-trojan-malware.html
  • R. Çelik, A. Gezer “Behavioral Analysis of Tricot Banking Trojan with its New Tricks” International Journal of Technology and Engineering Studies.Available:https://kkgpublications.com/wpcontent/uploads/2019/12/ijtes.5.10004-3.pdf
  • Alexander S. Gillis, K. Elissa “TrickBot Malware, After Emotet takedown, TrickBot roars up threat charts” Technical Writer and Editor in ComputerWeekly Available:https://www.techtarget.com/searchsecurity/definition/TrickBot-malware
  • David Garcia “Vadokrist: Banking Malware Targeting Brazilian Entities” Fer. 17, 2020 Available:https://www.revelock.com/en/blog/vadokrist-banking-malware-targeting-brazilian-entities
  • Revti Vadjikar “Top 4 Ways Emotet Breaches Banking Security” Factspan, January 15, 2018 Available: https://www.factspan.com/top-4-ways-emotet-breaches-banking-security
  • PCrisk Team “Emotet Blunders through Attack Campaign” PCrisk, 24 September 2020 Available: https://www.pcrisk.com/internet-threat-news/18929-emotet-blunders-through-attack-campaign
  • A Gezer, G Warner, C Wilson, P Shrestha “A flow-based approach for TrickBot banking trojan detection” Computers & Security, 2019 Elsevier Van Bladel, Electromagnetic Fields, John Wiley & Sons, 2007, p.1176. Available:https://aperta.ulakbim.gov.tr/record/111954#.YZXwNWBByUk
  • Aditya K. Sood, Richard Enbody “Multi-staged Attacks Driven by Exploits and Malware” in Targeted Cyber Attacks Malware Infection, April18,2014 Available:https://www.elsevier.com/books/targeted-cyber-attacks/sood/978-0-12-800604-7
  • Malware Analysis by Hasherezade on 29 Dec 2017 Available:https://github.com/hasherezade/malware_analysis/tree/master/trickbot
  • Frederick Lardinois “Google Wants to Speed Up the Web With Its Quic Protocol” Techcrunch, 3 April 18, 2015 Available: https://www.ajer.org/papers/v6(04)/F06044045.pdf
  • Steve Patrick “Network protocols, What are QUIC? Everything You Need to Know” in APNIC, September 14, 2021 Available: https://blog.apnic.net/2019/03/04/a-quick-look-at-quic/
  • Leslie F. Sikos “Forensic Science International: Digital Investigation” Volume 32, March 2020, 200892 Available:https://www.sciencedirect.com/journal/forensic-science-international-digital-investigation/vol/32/suppl/C
  • Sunghoon Lee “Using Weka in Matlab” version 1.5 Mathworks Jul 22, 2015 Available:https://www.mathworks.com/matlabcentral/fileexchange/50120-using-weka-in-matlab
  • Nir Shwarts, Kessem L. “Trojan Widens Its Attack Scope in Spain, Brings Redirection Attacks to Local Banks” Security Intelligence, July 19, 2017 Available:https://www.imperva.com/learn/application-security/dns-hijacking-redirection/
  • Katsumi Ono, Isamu Kawaishi, Toshihiko Kamon “Trend of Botnet Activities” Proceedings of the 41st Annual IEEE International Carnahan Conference on Security Technology, Canada (2007), pp. 243-249, November 2007 Available: https://ieeexplore.ieee.org/document/4373496
  • J. Davison “TrickBot Banking Trojan Adapts With The New Module” Webroot Threat Lab, March 21, 2018 Available: https://www.webroot.com/blog/2018/03/21/trickbot-banking-trojan-adapts-new-module/
  • Marc Salinas, Jose Miguel Holguin “Innovation in Process Malware Report Evolution of TrickBot” June, 2017 Available:https://www.slideshare.net/rootedcon/jose-miguel-holguin-marc-salinas-taller-de-anlisis-de-memoria-ram-en-sistemas-windows-rooted2019
  • Liu, J., Xiao, Y., Ghaboosi, K., Deng, H., Zhang, J. “Botnet: Classification, Attacks, Detection, Tracing, and Preventive Measures” EURASIP Journal on Wireless Communications and Networking. Volume 2009. Available: https://doi.org/10.1155/2009/69265
  • Yusuf Sönmez, Meltem Salman and Murat Dener “Performance Analysis of Machine Learning Algorithms for Malware Detection by Using CICMalDroid2020 Dataset” Available:https://dergipark.org.tr/tr/download/article-file/2060165

Detection of Trickbot and Emotet Banking Trojans with Machine Learning

Year 2022, Volume: 10 Issue: 4, 377 - 387, 19.10.2022
https://doi.org/10.17694/bajece.1031021

Abstract

Internet banking is getting more popular with the increasing number and demand of online banking customers. Almost all transactions that could be performed in bank branches could also be realized through internet banking. Internet banking, which has become widespread with the increasing use of the Internet, has also led to an increase in cases of financial fraud. This has made the protection of personal data and the security of banking services more important than ever. It is very important for institutions and organizations providing online banking services to take security measures in their systems. Cybercriminals target internet users with methods such as malware infection, botnets, spam, phishing, identity theft, and social engineering that they use and develop every day. Therefore, there are always potential risks in using internet banking. Banking viruses commonly used by cybercriminals today are TrickBot and Emotet. Nowadays TrickBot and Emotet are popular banking trojans which gives hard times for online banking customers. Their primary goal is to steal user’s banking and personal information. In this study, we will investigate the behavior analysis and new tricks of TrickBot and Emotet banking viruses, which use different methods to compromise the security of online banking customers. We benefited WEKA program to detect these banking viruses. In addition to this, we also focused on the detection of TrickBot and Emotet Banking viruses with using Random Tree, J48, Naive Bayes, SMO Techniques.

References

  • M. Edwin Agwu, “Analysis of Obstacles to Uptake of Internet Banking Services in Nigeria” Research Journal & Management-RJBM (2015), Vol.2(1)doi:10.17261/Pressacademia.201519824 Available: https://dergipark.org.tr/tr/download/article-file/375170
  • M. Zainab Alkhalil, Chaminda Hewage “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy” Liqaa Nawaf and Imtiaz Khan Cardiff School of Technologies, Cardiff Metropolitan University, Cardiff, United Kingdom Front. Comput. Sci., 09 March 2021 Available: https://www.frontiersin.org/articles/10.3389/fcomp.2021.563060/full
  • Debbie Walkowski “Banking Trojans: A Reference Guide to the Malware Family Tree By Remi Cohen Additional Contributions” August 09, 2019 Available: https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree
  • Cybersecurity and Infrastructure Security Team “Emotet Malware” July 20, 2018 Last Revised: January 23, 2020 Available: https://us-cert.cisa.gov/ncas/alerts/TA18-201A
  • Michelle Drolet “What is Emotet? And how to guard against this Persistent Trojan Malware” Contributor, April 12, 2019 Available: https://www.csoonline.com/article/3387146/what-is-emotet-and-how-to-guard-against-this-persistent-trojan-malware.html
  • R. Çelik, A. Gezer “Behavioral Analysis of Tricot Banking Trojan with its New Tricks” International Journal of Technology and Engineering Studies.Available:https://kkgpublications.com/wpcontent/uploads/2019/12/ijtes.5.10004-3.pdf
  • Alexander S. Gillis, K. Elissa “TrickBot Malware, After Emotet takedown, TrickBot roars up threat charts” Technical Writer and Editor in ComputerWeekly Available:https://www.techtarget.com/searchsecurity/definition/TrickBot-malware
  • David Garcia “Vadokrist: Banking Malware Targeting Brazilian Entities” Fer. 17, 2020 Available:https://www.revelock.com/en/blog/vadokrist-banking-malware-targeting-brazilian-entities
  • Revti Vadjikar “Top 4 Ways Emotet Breaches Banking Security” Factspan, January 15, 2018 Available: https://www.factspan.com/top-4-ways-emotet-breaches-banking-security
  • PCrisk Team “Emotet Blunders through Attack Campaign” PCrisk, 24 September 2020 Available: https://www.pcrisk.com/internet-threat-news/18929-emotet-blunders-through-attack-campaign
  • A Gezer, G Warner, C Wilson, P Shrestha “A flow-based approach for TrickBot banking trojan detection” Computers & Security, 2019 Elsevier Van Bladel, Electromagnetic Fields, John Wiley & Sons, 2007, p.1176. Available:https://aperta.ulakbim.gov.tr/record/111954#.YZXwNWBByUk
  • Aditya K. Sood, Richard Enbody “Multi-staged Attacks Driven by Exploits and Malware” in Targeted Cyber Attacks Malware Infection, April18,2014 Available:https://www.elsevier.com/books/targeted-cyber-attacks/sood/978-0-12-800604-7
  • Malware Analysis by Hasherezade on 29 Dec 2017 Available:https://github.com/hasherezade/malware_analysis/tree/master/trickbot
  • Frederick Lardinois “Google Wants to Speed Up the Web With Its Quic Protocol” Techcrunch, 3 April 18, 2015 Available: https://www.ajer.org/papers/v6(04)/F06044045.pdf
  • Steve Patrick “Network protocols, What are QUIC? Everything You Need to Know” in APNIC, September 14, 2021 Available: https://blog.apnic.net/2019/03/04/a-quick-look-at-quic/
  • Leslie F. Sikos “Forensic Science International: Digital Investigation” Volume 32, March 2020, 200892 Available:https://www.sciencedirect.com/journal/forensic-science-international-digital-investigation/vol/32/suppl/C
  • Sunghoon Lee “Using Weka in Matlab” version 1.5 Mathworks Jul 22, 2015 Available:https://www.mathworks.com/matlabcentral/fileexchange/50120-using-weka-in-matlab
  • Nir Shwarts, Kessem L. “Trojan Widens Its Attack Scope in Spain, Brings Redirection Attacks to Local Banks” Security Intelligence, July 19, 2017 Available:https://www.imperva.com/learn/application-security/dns-hijacking-redirection/
  • Katsumi Ono, Isamu Kawaishi, Toshihiko Kamon “Trend of Botnet Activities” Proceedings of the 41st Annual IEEE International Carnahan Conference on Security Technology, Canada (2007), pp. 243-249, November 2007 Available: https://ieeexplore.ieee.org/document/4373496
  • J. Davison “TrickBot Banking Trojan Adapts With The New Module” Webroot Threat Lab, March 21, 2018 Available: https://www.webroot.com/blog/2018/03/21/trickbot-banking-trojan-adapts-new-module/
  • Marc Salinas, Jose Miguel Holguin “Innovation in Process Malware Report Evolution of TrickBot” June, 2017 Available:https://www.slideshare.net/rootedcon/jose-miguel-holguin-marc-salinas-taller-de-anlisis-de-memoria-ram-en-sistemas-windows-rooted2019
  • Liu, J., Xiao, Y., Ghaboosi, K., Deng, H., Zhang, J. “Botnet: Classification, Attacks, Detection, Tracing, and Preventive Measures” EURASIP Journal on Wireless Communications and Networking. Volume 2009. Available: https://doi.org/10.1155/2009/69265
  • Yusuf Sönmez, Meltem Salman and Murat Dener “Performance Analysis of Machine Learning Algorithms for Malware Detection by Using CICMalDroid2020 Dataset” Available:https://dergipark.org.tr/tr/download/article-file/2060165
There are 23 citations in total.

Details

Primary Language English
Subjects Software Testing, Verification and Validation
Journal Section Araştırma Articlessi
Authors

Rüveyda Çelik 0000-0003-4821-4633

Ali Gezer This is me 0000-0001-8265-1736

Publication Date October 19, 2022
Published in Issue Year 2022 Volume: 10 Issue: 4

Cite

APA Çelik, R., & Gezer, A. (2022). Detection of Trickbot and Emotet Banking Trojans with Machine Learning. Balkan Journal of Electrical and Computer Engineering, 10(4), 377-387. https://doi.org/10.17694/bajece.1031021

All articles published by BAJECE are licensed under the Creative Commons Attribution 4.0 International License. This permits anyone to copy, redistribute, remix, transmit and adapt the work provided the original work and source is appropriately cited.Creative Commons Lisansı