Abstract:
Qakbot, a multi-faceted botnet, continues to pose a significant threat to organizations worldwide. Its ability to steal sensitive data, deploy ransomware, and disrupt critical operations necessitates robust detection and analysis methods. This paper reviews the current state of the art in Qakbot analysis, examining existing techniques, their limitations, and promising avenues for future research. We discuss traditional signature-based and endpoint detection and response (EDR) approaches, highlighting their vulnerabilities to evasion techniques. We then explore network traffic analysis (NTA) and machine learning as emerging solutions, emphasizing their potential and challenges. Finally, we propose promising research directions, including deep learning, behavioral analysis, and cross-layer analysis, to strengthen Qakbot detection and analysis capabilities. This review aims to inform and guide researchers and practitioners in developing effective strategies to combat this evolving threat.