Detection of Dridex Malware Using Signature-based Snort

Authors

  • Adhitya Nugraha Universitas Dian Nuswantoro Semarang
  • Dinda Aulia Gustian Universitas Dian Nuswantoro Semarang

Keywords:

Dridex, Malware, IDS, Snort, Signature-based

Abstract

Currently, malware is a dangerous class of application that continues to grow, so that it has become a threat to anyone using internet services. One of the most dangerous malware families of 2020 is Dridex, which targets and steals banking credentials and personal information about a person's financial records. Dridex uses spam email and social engineering for its distribution. This malware is reported to have caused losses of up to $100 million. This study focuses on analysing Dridex activity in a network traffic dataset and then developing Snort rules based on the Dridex signatures that were found. The study developed 12 (twelve) rules, implemented in Snort, to detect the presence of Dridex signatures. The success of Dridex detection was tested using confusion matrix techniques and resulted in an accuracy of 88.5%, a recall (detection rate) of 100%, and a precision of 84.75%.
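The evaluation the abstract describes (signature alerts scored against a labelled traffic dataset with a confusion matrix) can be reproduced in a few lines. The following is an added example and is not the paper's code, rules or data: the alert lines are constructed in Snort's "fast" alert format with a placeholder local SID, the flow labels are invented, and the flow key (protocol plus the two endpoints) is an assumed way of joining alerts to labelled flows.

```python
import re
from dataclasses import dataclass

# Snort "fast" alert lines end with "... {PROTO} src:sport -> dst:dport";
# only that tail is needed to map an alert back to a flow.
ALERT_RE = re.compile(
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Flow:
    key: str          # "PROTO/src:sport->dst:dport"
    malicious: bool   # ground-truth label from the labelled dataset


def flow_key(proto, src, sport, dst, dport):
    """Assumed join key between a labelled flow and an alert (not from the paper)."""
    return f"{proto}/{src}:{sport}->{dst}:{dport}"


def alerted_flows(alert_text):
    """Return the set of flow keys that produced at least one alert.
    A set is used so that several rules firing on one flow count once."""
    keys = set()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            keys.add(flow_key(m["proto"], m["src"], m["sport"], m["dst"], m["dport"]))
    return keys


def confusion_matrix(flows, alerted):
    """Per-flow confusion matrix: a flow is 'positive' when any rule alerted on it."""
    cm = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for f in flows:
        hit = f.key in alerted
        if f.malicious and hit:
            cm["tp"] += 1
        elif f.malicious and not hit:
            cm["fn"] += 1        # missed malware: hurts recall
        elif not f.malicious and hit:
            cm["fp"] += 1        # false alarm on benign traffic: hurts precision
        else:
            cm["tn"] += 1
    return cm


def metrics(cm):
    """Accuracy, precision and recall as used in the abstract; guards against
    empty denominators so a rule set that never fires still evaluates."""
    total = sum(cm.values())
    predicted_pos = cm["tp"] + cm["fp"]
    actual_pos = cm["tp"] + cm["fn"]
    return {
        "accuracy": (cm["tp"] + cm["tn"]) / total if total else 0.0,
        "precision": cm["tp"] / predicted_pos if predicted_pos else 0.0,
        "recall": cm["tp"] / actual_pos if actual_pos else 0.0,
    }


def evaluate(alert_text, flows):
    cm = confusion_matrix(flows, alerted_flows(alert_text))
    return cm, metrics(cm)


# Constructed labelled flows (four malicious, four benign). Addresses are from
# documentation ranges; none of this is the paper's dataset.
LABELLED_FLOWS = [
    Flow(flow_key("TCP", "10.0.0.5", 49152, "203.0.113.10", 80), True),
    Flow(flow_key("TCP", "10.0.0.5", 49153, "203.0.113.10", 443), True),
    Flow(flow_key("TCP", "10.0.0.7", 50001, "198.51.100.20", 80), True),
    Flow(flow_key("TCP", "10.0.0.7", 50002, "198.51.100.21", 8443), True),
    Flow(flow_key("TCP", "10.0.0.9", 40000, "192.0.2.50", 443), False),
    Flow(flow_key("TCP", "10.0.0.9", 40001, "192.0.2.51", 80), False),
    Flow(flow_key("TCP", "10.0.0.11", 41000, "192.0.2.52", 80), False),
    Flow(flow_key("TCP", "10.0.0.11", 41001, "192.0.2.53", 443), False),
]

# Constructed fast-format alerts: SID 1000001 is a placeholder in the local
# range, not one of the paper's twelve rules. All four malicious flows alert
# (one of them twice) and one benign flow is a false positive.
ALERTS = """\
05/02-10:15:03.123456  [**] [1:1000001:1] LOCAL example rule [**] [Priority: 1] {TCP} 10.0.0.5:49152 -> 203.0.113.10:80
05/02-10:15:04.223456  [**] [1:1000001:1] LOCAL example rule [**] [Priority: 1] {TCP} 10.0.0.5:49153 -> 203.0.113.10:443
05/02-10:15:04.323456  [**] [1:1000001:1] LOCAL example rule [**] [Priority: 1] {TCP} 10.0.0.5:49153 -> 203.0.113.10:443
05/02-10:16:10.001000  [**] [1:1000001:1] LOCAL example rule [**] [Priority: 1] {TCP} 10.0.0.7:50001 -> 198.51.100.20:80
05/02-10:16:11.002000  [**] [1:1000001:1] LOCAL example rule [**] [Priority: 1] {TCP} 10.0.0.7:50002 -> 198.51.100.21:8443
05/02-10:17:30.500000  [**] [1:1000001:1] LOCAL example rule [**] [Priority: 1] {TCP} 10.0.0.9:40001 -> 192.0.2.51:80
"""

if __name__ == "__main__":
    cm, m = evaluate(ALERTS, LABELLED_FLOWS)
    print(cm)
    print({k: f"{v:.1%}" for k, v in m.items()})
```

With this constructed data the rule set reaches 100% recall (no malicious flow is missed) but only 80% precision and 87.5% accuracy because of the single false alarm, which is the same shape of result the abstract reports: signature rules tuned to catch every sample of a family tend to pay for it in false positives, so precision on benign traffic is the figure to watch when deploying such rules.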

Published

2021-05-02

How to Cite

Nugraha, A., & Gustian, D. A. (2021). Deteksi Malware Dridex Menggunakan Signature-based Snort. Indonesian Journal of Computer Science, 10(1). Retrieved from http://ijcs.stmikindonesia.ac.id/index.php/ijcs/article/view/370

Section

Articles