Skip to main content
SpringerLink
Log in

A Practical Methodology and Framework for Comprehensive Incident Handling Focused on Bot Response

  • Conference paper
Book cover Future Generation Information Technology (FGIT 2010)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6485))

Included in the following conference series:

Abstract

Cybercrime has emerged as a major social problem. Especially, widely distributed bots are being used as a main tool for conducting cybercrime. Therefore, the needs for enhanced incident handling have increased to detect, analyze and respond to bots and botnets. DNS-Sinkhole is known as the most effective way to respond to bot activity. Incident handling is a very complex set of security activities including technical and managerial part. Especially, the concept of incident handling is higher than DNS-Sinkhole technique which only focuses on the technical part. Therefore, additional studies to integrate incident handling with DNS-Sinkhole technique are required. We propose systematic approach for comprehensive incident handling focused on the bot response. In particular, we propose comprehensive incident handling methodology based on DNS-Sinkhole technique, and practical incident handling framework for central incident handling team.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ianelli, N., Hackworth, A.: Botnet as a vehicle for online crime. CERT. Request for Comments (RFC) 1700 (December 2005)

    Google Scholar 

  2. Vogt, R., Aycock, J.: Attack of the 50 Foot Botnet. Dept. of Computer Science, University of Calgary, TR 2006-840-33 (2006)

    Google Scholar 

  3. Dagon, D., Gu, G., Lee, C., Lee, W.: A taxonomy of botnet structures. In: Proceedings of the 23 Annual Computer Security Applications Conference, ACSAC 2007 (2007)

    Google Scholar 

  4. Bailey, M., Cooke, E., Jahanian, F., Xu, Y., Karir, M.: A Survey of Botnet Technology and Defenses. In: Proceedings of Cybersecurity Applications & Technology Conference For Homeland Security (CATCH), pp. 299–304 (2009)

    Google Scholar 

  5. Kim, Y.-B., Youm, H.-Y.: A New Bot Disinfection Method Based on DNS Sinkhole. Journal of KIISC 18(6A), 107–114 (2008)

    Google Scholar 

  6. Kim, Y.-B., Lee, D.-R., Choi, J.-S., Youm, H.-Y.: Preventing Botnet Damage Technique and It’s Effect using Bot DNS Sinkhole. Journal of KISS(C): Computing Practices 15(1), 47–55 (2009)

    Google Scholar 

  7. Korea Internet & Security Agency, A Strategy and Policy Planning for DDoS Response, KISA homepage (2010)

    Google Scholar 

  8. Scarfone, K., Grance, T., Masone, K.: Computer Security Incident Handling Guide, NIST SP 800-61-Revision1 (2008)

    Google Scholar 

  9. Bejtlich, R.: TAO of Network Security Monitoring: Beyond Intrusion Detection. Addison-Wesley, Reading (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Science and Technology Security Center (S&T-SEC), Korea Institute of Science and Technology Information (KISTI), Daejon, 305-806, Korea

    Snag-Soo Choi, Myung-Jin Chun, Youn-Su Lee & Hyeak-Ro Lee

Authors
  1. Snag-Soo Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Myung-Jin Chun
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Youn-Su Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hyeak-Ro Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hannam University, 133 Ojeong-dong, daeduk-gu, 306-791, Daejeon, South Korea

    Tai-hoon Kim

  2. Hannam University, Daejeon, South Korea

    Young-hoon Lee

  3. University of Tasmania, Hobart, Tasmania, Australia

    Byeong-Ho Kang

  4. University of Warsaw & Infobright Inc.,, Poland

    Dominik Ślęzak

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Choi, SS., Chun, MJ., Lee, YS., Lee, HR. (2010). A Practical Methodology and Framework for Comprehensive Incident Handling Focused on Bot Response. In: Kim, Th., Lee, Yh., Kang, BH., Ślęzak, D. (eds) Future Generation Information Technology. FGIT 2010. Lecture Notes in Computer Science, vol 6485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17569-5_47

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17569-5_47

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17568-8

  • Online ISBN: 978-3-642-17569-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation