Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
A method for risk measurement of botnet's malicious activities
- Authors
- Kim, D.; Kim, Y.-G.; In, H.P.; Jeong, H.C.
- Issue Date
- 2014
- Publisher
- International Information Institute Ltd.
- Keywords
- Blacklist; Botnet Risk Index (BRI); DNS Sinkhole; Malicious Activity; Risk Measurement
- Citation
- Information (Japan), v.17, no.1, pp.165 - 180
- Indexed
- SCOPUS
- Journal Title
- Information (Japan)
- Volume
- 17
- Number
- 1
- Start Page
- 165
- End Page
- 180
- ISSN
- 1343-4500
- Abstract
- A DNS sinkhole system generates, separates, and manages a blacklist of botnets detected via a botnet detection system. Since numerous bots are newly added and bot codes are updated frequently, blacklist management is extremely expensive and it is difficult to update domain names and IP addresses. Further, effectiveness and accuracy are not guaranteed as the priority of botnets is determined and handled on the basis of subjective decisions of security experts. Hence, this study aims to provide a methodology to manage the blacklist by estimating the botnet risk index (BRI) of detected botnets from the perspective of a DNS sinkhole system manager and automatically estimating the risk priority of botnets on the basis of this information. The BRI, which is a normalization equation based on a Euclidean vector concept, is calculated in a number of scenarios, with a single command and control server (C&C) and with multiple C&Cs. The BRI has been defined to provide an intuitive understanding of the degree of danger posed by botnets. © 2014 International Information Institute.
- Files in This Item
- There are no files associated with this item.
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.