A Signature-Based Botnet (Emotet) Detection Mechanism

© 2022 by IJETT Journal
Volume-70 Issue-5
Year of Publication : 2022
Authors : Foram Suthar, Nimisha Patel, Samarat V.O. Khanna
DOI :  10.14445/22315381/IJETT-V70I5P220

How to Cite?

Foram Suthar, Nimisha Patel, Samarat V.O. Khanna, "A Signature-Based Botnet (Emotet) Detection Mechanism," International Journal of Engineering Trends and Technology, vol. 70, no. 5, pp. 185-193, 2022. Crossref, https://doi.org/10.14445/22315381/IJETT-V70I5P220

The Internet has become an essential part of daily life, especially since the COVID-19 pandemic, and the increasing use of technology brings new challenges. Cyber-attacks emerged as a major threat during the pandemic, and Distributed Denial of Service (DDoS) attacks in particular became more refined than other classes of attack. The most important question is: what is the source of a DDoS attack? The answer is the botnet, which provides the platform for the attacker. Botnets grow by recruiting vulnerable systems, so accurate botnet detection and prevention techniques that work on real traffic must be designed effectively. An organised dataset of Indicators of Compromise (IoCs) for the most dangerous botnets is required to protect networks at an early stage. Various malware datasets have been published for research, but most are outdated. The authors propose a new dataset of Windows-based botnets built using different analysis techniques. This work provides the geolocation of the live malicious connections made by Emotet. The authors also present a mechanism that calculates IP reputation and detects the botnet based on IoCs using the Snort intrusion detection system.
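The IoC-driven IP-reputation step the abstract describes, as an added example that is not the paper's code: a small Python script that scores addresses reported by several (constructed) IoC feeds, emits Snort rules and a reputation-preprocessor blacklist for every address above a threshold, and replays a constructed connection log against the result. The feed entries, the allowlist, the scoring formula, the threshold, the SID range and the addresses (RFC 5737 documentation ranges) are all assumptions made for illustration.

```python
"""Added example (not the paper's code): turn a multi-source IoC feed into an
IP reputation score, emit Snort rules above a threshold, and replay sample
connections against the resulting IoC set.  All addresses are RFC 5737
documentation ranges and every feed entry is constructed for the example."""
from collections import defaultdict
import ipaddress

# Constructed IoC feed: (source, ip, sightings).  Real feeds would be C2
# addresses extracted from sandbox runs, abuse lists, partner shares, etc.
IOC_FEED = [
    ("sandbox", "192.0.2.10", 4),
    ("abuse_list", "192.0.2.10", 1),
    ("partner", "192.0.2.10", 1),
    ("sandbox", "198.51.100.7", 1),
    ("abuse_list", "203.0.113.5", 3),
    ("partner", "203.0.113.5", 2),
    ("abuse_list", "not-an-ip", 9),  # malformed entry, must be skipped
]

# Addresses that must never be blocked even if a feed lists them, e.g. a CDN
# front that malware and legitimate software both use.  Constructed.
ALLOWLIST = {"198.51.100.7"}

SID_BASE = 1000000  # local rule SIDs start at 1,000,000 by Snort convention


def reputation_scores(feed, allowlist=frozenset()):
    """Score = 10 * distinct reporting sources + total sightings.

    Corroboration across sources weighs more than volume from one source, so
    a single noisy feed cannot push an address over the block threshold by
    itself.  Malformed addresses are dropped; allowlisted ones score 0.
    """
    sources = defaultdict(set)
    sightings = defaultdict(int)
    for source, ip, count in feed:
        try:
            addr = str(ipaddress.ip_address(ip))
        except ValueError:
            continue  # skip garbage rather than emit a broken rule
        sources[addr].add(source)
        sightings[addr] += count
    return {
        addr: (0 if addr in allowlist else 10 * len(sources[addr]) + sightings[addr])
        for addr in sources
    }


def snort_rules(scores, threshold, home_net="$HOME_NET"):
    """Emit one Snort rule per IP at or above threshold, highest score first.

    Each rule alerts on an established outbound TCP session to the IoC
    address; the score is carried in msg so analysts can triage by confidence.
    """
    rules = []
    ranked = sorted(((s, a) for a, s in scores.items() if s >= threshold), reverse=True)
    for i, (score, addr) in enumerate(ranked, start=1):
        rules.append(
            f"alert tcp {home_net} any -> {addr} any "
            f'(msg:"Emotet IoC match {addr} score={score}"; '
            f"flow:to_server,established; sid:{SID_BASE + i}; rev:1;)"
        )
    return rules


def reputation_blacklist(scores, threshold):
    """One CIDR per line: the plain-text list format the Snort 2.9 reputation
    preprocessor loads as a blacklist, so hits are handled before rule matching."""
    return [f"{addr}/32" for addr, s in sorted(scores.items()) if s >= threshold]


def match_connections(conn_log, scores, threshold):
    """Replay (src, dst, dport) tuples against the IoC set; return the hits."""
    bad = {a for a, s in scores.items() if s >= threshold}
    return [(src, dst, dport) for src, dst, dport in conn_log if dst in bad]


# Constructed connection log of internal hosts reaching out.  Only the two
# high-scoring destinations should alert; the allowlisted CDN must not.
CONN_LOG = [
    ("10.0.0.5", "192.0.2.10", 8080),
    ("10.0.0.5", "198.51.100.7", 443),
    ("10.0.0.9", "203.0.113.5", 443),
    ("10.0.0.9", "203.0.113.99", 443),
]

if __name__ == "__main__":
    scores = reputation_scores(IOC_FEED, ALLOWLIST)
    for rule in snort_rules(scores, threshold=20):
        print(rule)
    print("\n".join(reputation_blacklist(scores, threshold=20)))
    print(match_connections(CONN_LOG, scores, threshold=20))
```

Two points a practitioner would check before deploying rules generated this way: the allowlist, because shared hosting and CDN addresses show up in C2 extractions and blocking them breaks legitimate traffic, and the age of each sighting, since Emotet C2 addresses rotate and a stale IoC produces false positives once the address is reassigned. The score weighting and threshold here are illustrative; the paper's own reputation formula is not reproduced.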

Keywords : Botnet, Emotet malware, Snort, Intrusion detection system, Intrusion prevention system, DDoS.
