COMBATTING QAKBOT: A REVIEW OF DETECTION AND ANALYSIS TECHNIQUES

Abstract

Qakbot, a multi-faceted botnet, continues to pose a significant threat to organizations worldwide. Its ability to steal sensitive data, deploy ransomware, and disrupt critical operations necessitates robust detection and analysis methods. This paper reviews the current state of the art in Qakbot analysis, examining existing techniques, their limitations, and promising avenues for future research. We discuss traditional signature-based and endpoint detection and response (EDR) approaches, highlighting their vulnerabilities to evasion techniques. We then explore network traffic analysis (NTA) and machine learning as emerging solutions, emphasizing their potential and challenges. Finally, we propose promising research directions, including deep learning, behavioral analysis, and cross-layer analysis, to strengthen Qakbot detection and analysis capabilities. This review aims to inform and guide researchers and practitioners in developing effective strategies to combat this evolving threat.