Advertisement

A Practical Methodology and Framework for Comprehensive Incident Handling Focused on Bot Response

  • Snag-Soo Choi
  • Myung-Jin Chun
  • Youn-Su Lee
  • Hyeak-Ro Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6485)

Abstract

Cybercrime has emerged as a major social problem. Especially, widely distributed bots are being used as a main tool for conducting cybercrime. Therefore, the needs for enhanced incident handling have increased to detect, analyze and respond to bots and botnets. DNS-Sinkhole is known as the most effective way to respond to bot activity. Incident handling is a very complex set of security activities including technical and managerial part. Especially, the concept of incident handling is higher than DNS-Sinkhole technique which only focuses on the technical part. Therefore, additional studies to integrate incident handling with DNS-Sinkhole technique are required. We propose systematic approach for comprehensive incident handling focused on the bot response. In particular, we propose comprehensive incident handling methodology based on DNS-Sinkhole technique, and practical incident handling framework for central incident handling team.

Keywords

Comprehensive Incident Handling Practical Incident Handling Framework focused on Bot Response DNS Sinkhole Technique 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ianelli, N., Hackworth, A.: Botnet as a vehicle for online crime. CERT. Request for Comments (RFC) 1700 (December 2005)Google Scholar
  2. 2.
    Vogt, R., Aycock, J.: Attack of the 50 Foot Botnet. Dept. of Computer Science, University of Calgary, TR 2006-840-33 (2006)Google Scholar
  3. 3.
    Dagon, D., Gu, G., Lee, C., Lee, W.: A taxonomy of botnet structures. In: Proceedings of the 23 Annual Computer Security Applications Conference, ACSAC 2007 (2007)Google Scholar
  4. 4.
    Bailey, M., Cooke, E., Jahanian, F., Xu, Y., Karir, M.: A Survey of Botnet Technology and Defenses. In: Proceedings of Cybersecurity Applications & Technology Conference For Homeland Security (CATCH), pp. 299–304 (2009)Google Scholar
  5. 5.
    Kim, Y.-B., Youm, H.-Y.: A New Bot Disinfection Method Based on DNS Sinkhole. Journal of KIISC 18(6A), 107–114 (2008)Google Scholar
  6. 6.
    Kim, Y.-B., Lee, D.-R., Choi, J.-S., Youm, H.-Y.: Preventing Botnet Damage Technique and It’s Effect using Bot DNS Sinkhole. Journal of KISS(C): Computing Practices 15(1), 47–55 (2009)Google Scholar
  7. 7.
    Korea Internet & Security Agency, A Strategy and Policy Planning for DDoS Response, KISA homepage (2010)Google Scholar
  8. 8.
    Scarfone, K., Grance, T., Masone, K.: Computer Security Incident Handling Guide, NIST SP 800-61-Revision1 (2008)Google Scholar
  9. 9.
    Bejtlich, R.: TAO of Network Security Monitoring: Beyond Intrusion Detection. Addison-Wesley, Reading (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Snag-Soo Choi
    • 1
  • Myung-Jin Chun
    • 1
  • Youn-Su Lee
    • 1
  • Hyeak-Ro Lee
    • 1
  1. 1.Science and Technology Security Center (S&T-SEC)Korea Institute of Science and Technology Information (KISTI)DaejonKorea

Personalised recommendations