Cooperative Architecture for Centralized Botnet Detection and Management
Kwon, Jong-Hoon (Div. of Computer & Communication Engineering, Korea University)
Im, Chae-Tae (Korea Information Security Agency)
Choi, Hyun-Sang (Div. of Computer & Communication Engineering, Korea University)
Ji, Seung-Goo (Korea Information Security Agency)
Oh, Joo-Hyung (Korea Information Security Agency)
Jeong, Hyun-Cheol (Korea Information Security Agency)
Lee, Hee-Jo (Div. of Computer & Communication Engineering, Korea University)
1 | The Honeynet Project, "Know your enemy: Tracking botnets," http://www.honeynet.org/papers/bots, 2005 |
2 | H. Choi, H. Lee, H. Lee, and H. Kim, "Botnet Detection by Monitoring Group Activities in DNS Traffic," IEEE Int'l Conf. Computer and Information Technology (CIT), pp. 715-720, Oct. 2007 |
3 | G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation," Proceedings of the 16th USENIX Security Symposium, pp. 167-182, Aug. 2007 |
4 | Shadow server, http://www.shadowserver.org |
5 | E. Cooke, F. Jahanian, and D. McPherson, "The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets," In Proceedings of Usenix Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI'05), pp. 39-44, July 2005 |
6 | M. Caesar and J. Rexford, "BGP Routing Policies in ISP Networks," IEEE Network, vol. 19, no. 6, pp. 5-11, Nov. 2005 |
7 | N. Ianelli and A. Hackworth, "Botnets as a vehicle for online crime," CERT, Dec. 2005 |
8 | J. Jung, B. Krishnamurthy, and M. Rabinovich, "Flash crowds and denial of service attacks: Characterization and implications for CDNs and web sites," 11th Int'l World Wide Web Conference, pp. 252-262, May 2002 |
9 | G. Gu, R. Perdisci, J. Zhang, and W. Lee, "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection," In Proceedings of the 17th USENIX Security Symposium (Security'08), pp. 139-154, July 2008 |
10 | 전용희, "Overview and Analysis of Botnet Technology," 정보보호학회지, 18(3), pp. 101-108, June 2008 |
11 | Arbor Networks, Peakflow SP, http://www.arbornetworks.com/en/peakflow-sp.html |
12 | M. Ahamad, D. Amster, M. Barrett, T. Cross, G. Heron, D. Jackson, J. King, W. Lee, R. Naraine, G. Ollmann, J. Ramsey, H.A. Schmidt, and P. Traynor, "Emerging Cyber Threats Report," Georgia Tech Information Security Center, pp. 2-3, Oct. 2009 |
13 | L. Zhuang, J. Dunagan, D.R. Simon, H.J. Wang, and J.D. Tygar, "Characterizing Botnets from Email Spam Records," First Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET '08), pp. 1-9, Apr. 2008 |
14 | D. Turner, M. Fossi, E. Johnson, T. Mack, J. Blackbird, S. Entwisle, M.K. Low, D. McKinney, and C. Wueest, "Symantec Global Internet Security Threat Report Vol. XIII," Symantec, Apr. 2008 |
15 | J. Goebel and T. Holz, "Rishi: Identify bot contaminated hosts by IRC nickname evaluation," In Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots'07), Apr. 2007 |
16 | Damballa, Failsafe app, http://www.damballa.com/solutions/enterprise_solutions.php |
17 | J.B. Grizzard, V. Sharma, C. Nunnery, B.B. Kang, and D. Dagon, "Peer-to-peer botnets: Overview and case study," In Usenix Workshop on Hot Topics in Understanding Botnets (HotBots'07), Apr. 2007 |
18 | D. McPherson, C. Labovitz, and M. Hollyman, "Worldwide Infrastructure Security Report Vol III," Arbor Networks, Sep. 2007 |
19 | 김영백, 이동련, 최중섭, 염흥열, "Techniques and Effects of Preventing Malicious Bot Damage by Applying DNS Sinkholes," 정보과학회학회지, 15(1), pp. 47-55, Jan. 2009 |
20 | Korea Information Security Agency, "Monthly Report on Internet Incident Trends and Analysis," pp. 10-11, Dec. 2007 |