Enhanced Sinkhole System by Improving Post-processing Mechanism
Cybercrime is an increasingly serious threat to our lives. In particular, botnet technology drives most cybercrime, such as distributed denial-of-service attacks, spamming, and disclosure of critical information. To cope with this problem, various security techniques have been proposed. Among them, DNS-Sinkhole is known as the most effective approach to detecting botnet activities. It has various advantages such as low cost, easy establishment, and high effectiveness. However, responding to botnets is becoming more difficult because botnet technology is constantly evolving. In particular, the legacy sinkhole system has revealed a variety of limitations, such as low accuracy and limited information. Therefore, additional research is required to overcome these limitations. In this paper, we propose an enhanced sinkhole system that utilizes DNS-Sinkhole. In particular, we focus on improving the post-processing mechanism based on packet analysis.
Keywords: Botnet defense, DNS-Sinkhole based bot response, packet analysis