Dridex Malware Detection Using Signature-based Snort

  • Nugraha A
  • Gustian D

Abstract

Malware is currently a dangerous class of application that continues to grow, making it a threat to anyone using internet services. One of the most dangerous malware in 2020 is Dridex, which targets and steals banking credentials and personal information about a person's financial records. Dridex is distributed through email spam and social engineering. It is noted that this malware has caused losses of up to $100 million. This study analyzes Dridex activity in a network traffic dataset and then develops Snort rules based on the Dridex signatures that were found. The study developed 12 (twelve) rules, implemented in Snort, to detect the presence of Dridex signatures. Detection success was tested using the confusion matrix technique, resulting in an accuracy of 88.5%, a recall or decision rate of 100%, and a precision of 84.75%.

Cite


Nugraha, A., & Gustian, D. A. (2022). Deteksi Malware Dridex Menggunakan Signature-based Snort. Indonesian Journal of Computer Science, 10(1). https://doi.org/10.33022/ijcs.v10i1.3068
