
Enhanced Sinkhole System by Improving Post-processing Mechanism

  • Haeng-Gon Lee
  • Sang-Soo Choi
  • Youn-Su Lee
  • Hark-Soo Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6485)

Abstract

Cybercrime poses an increasingly serious threat to our lives. In particular, botnet technology drives most cybercrime, such as distributed denial-of-service attacks, spamming, and disclosure of critical information. To cope with this problem, various security techniques have been proposed. Among them, DNS-Sinkhole is known as the most effective approach to detecting botnet activities. It has various advantages such as low cost, easy establishment, and high effectiveness. However, responding to botnets is becoming more difficult because botnet technology is constantly evolving. In particular, legacy sinkhole systems have revealed a variety of limitations, such as low accuracy and limited information. Therefore, additional research is required to overcome these limitations. In this paper, we propose an enhanced sinkhole system that utilizes DNS-Sinkhole. In particular, we focus on improving the post-processing mechanism based on packet analysis.

Keywords

Botnet defense DNS-Sinkhole based bot response packet analysis 



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Haeng-Gon Lee (1)
  • Sang-Soo Choi (1)
  • Youn-Su Lee (1)
  • Hark-Soo Park (1)

  1. Science and Technology Security Center (S&T-SEC), Korea Institute of Science and Technology Information (KISTI), Daejon, Korea
