Abstract
Cybercrime has emerged as a major social problem. Especially, widely distributed bots are being used as a main tool for conducting cybercrime. Therefore, the needs for enhanced incident handling have increased to detect, analyze and respond to bots and botnets. DNS-Sinkhole is known as the most effective way to respond to bot activity. Incident handling is a very complex set of security activities including technical and managerial part. Especially, the concept of incident handling is higher than DNS-Sinkhole technique which only focuses on the technical part. Therefore, additional studies to integrate incident handling with DNS-Sinkhole technique are required. We propose systematic approach for comprehensive incident handling focused on the bot response. In particular, we propose comprehensive incident handling methodology based on DNS-Sinkhole technique, and practical incident handling framework for central incident handling team.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ianelli, N., Hackworth, A.: Botnet as a vehicle for online crime. CERT. Request for Comments (RFC) 1700 (December 2005)
Vogt, R., Aycock, J.: Attack of the 50 Foot Botnet. Dept. of Computer Science, University of Calgary, TR 2006-840-33 (2006)
Dagon, D., Gu, G., Lee, C., Lee, W.: A taxonomy of botnet structures. In: Proceedings of the 23 Annual Computer Security Applications Conference, ACSAC 2007 (2007)
Bailey, M., Cooke, E., Jahanian, F., Xu, Y., Karir, M.: A Survey of Botnet Technology and Defenses. In: Proceedings of Cybersecurity Applications & Technology Conference For Homeland Security (CATCH), pp. 299–304 (2009)
Kim, Y.-B., Youm, H.-Y.: A New Bot Disinfection Method Based on DNS Sinkhole. Journal of KIISC 18(6A), 107–114 (2008)
Kim, Y.-B., Lee, D.-R., Choi, J.-S., Youm, H.-Y.: Preventing Botnet Damage Technique and It’s Effect using Bot DNS Sinkhole. Journal of KISS(C): Computing Practices 15(1), 47–55 (2009)
Korea Internet & Security Agency, A Strategy and Policy Planning for DDoS Response, KISA homepage (2010)
Scarfone, K., Grance, T., Masone, K.: Computer Security Incident Handling Guide, NIST SP 800-61-Revision1 (2008)
Bejtlich, R.: TAO of Network Security Monitoring: Beyond Intrusion Detection. Addison-Wesley, Reading (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, SS., Chun, MJ., Lee, YS., Lee, HR. (2010). A Practical Methodology and Framework for Comprehensive Incident Handling Focused on Bot Response. In: Kim, Th., Lee, Yh., Kang, BH., Ślęzak, D. (eds) Future Generation Information Technology. FGIT 2010. Lecture Notes in Computer Science, vol 6485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17569-5_47
Download citation
DOI: https://doi.org/10.1007/978-3-642-17569-5_47
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17568-8
Online ISBN: 978-3-642-17569-5
eBook Packages: Computer ScienceComputer Science (R0)