A flow-based approach for Trickbot banking trojan detection

Gezer A., Warner G., Wilson C., Shrestha P.

COMPUTERS & SECURITY, vol.84, pp.179-192, 2019 (SCI-Expanded)

  • Publication Type: Article
  • Volume: 84
  • Publication Date: 2019
  • Doi Number: 10.1016/j.cose.2019.03.013
  • Journal Name: COMPUTERS & SECURITY
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus
  • Page Numbers: pp.179-192
  • Keywords: Trickbot, Banking trojan, Machine learning, Anomaly traffic detection, Dynamic analysis, Random Forest, TAXONOMY
  • Kayseri University Affiliated: No


Nowadays, online banking is an attractive way of carrying out financial operations such as e-commerce, e-banking, and e-payments without much effort or the need for any physical presence. The increasing popularity of online banking services and payment systems has motivated financial attackers to steal customers' credentials and money. Banking trojans have been a way of committing attacks on these financial institutions for more than a decade, and they have become one of the primary drivers of botnet traffic. However, the stealthy nature of financial botnets requires new techniques and novel systems for detection and analysis in order to prevent losses and to ultimately take the botnets down. TrickBot, which specifically threatens businesses in the financial sector and their customers, has been behind man-in-the-browser attacks since 2016. Its main goal is to steal online banking information from victims when they visit their banking websites.