http://dx.doi.org/10.13089/JKIISC.2009.19.3.83

Cooperative Architecture for Centralized Botnet Detection and Management  

Kwon, Jong-Hoon (Div. of Computer & Communication Engineering, Korea University)
Im, Chae-Tae (Korea Information Security Agency)
Choi, Hyun-Sang (Div. of Computer & Communication Engineering, Korea University)
Ji, Seung-Goo (Korea Information Security Agency)
Oh, Joo-Hyung (Korea Information Security Agency)
Jeong, Hyun-Cheol (Korea Information Security Agency)
Lee, Hee-Jo (Div. of Computer & Communication Engineering, Korea University)
Abstract
In recent years, cyber crimes have been aimed at financial gain through malicious activities such as DDoS attacks, theft of financial information and spamming. Botnets, networks composed of large pools of infected hosts, are the driving force behind such attacks. Because botnets have adopted several evasion techniques and variations, they are difficult to detect and eliminate. Current botnet solutions rely on signature-based detection, and they cannot cover a broad enough area to detect world-wide botnets. In this study, we propose an architecture to detect and regulate botnets based on a cooperative design, which includes modules for gathering network traffic and for sharing botnet information between ISPs or nations. The proposed architecture is effective at revealing evasive and world-wide botnets, because it does not depend on specific systems or hardware and provides a broad cooperative framework.
Keywords
Botnet; Detection; Cooperative Architecture; Malware; Network Security;