A method for risk measurement of botnet's malicious activities

Dohoon Kim, Young Gab Kim, Hoh Peter In, Hyun Chel Jeong

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

A DNS sinkhole system generates, separates, and manages a blacklist of botnets detected via a botnet detection system. Since numerous bots are newly added and bot codes are updated frequently, blacklist management is extremely expensive and it is difficult to update domain names and IP addresses. Further, effectiveness and accuracy are not guaranteed as the priority of botnets is determined and handled on the basis of subjective decisions of security experts. Hence, this study aims to provide a methodology to manage the blacklist by estimating the botnet risk index (BRI) of detected botnets from the perspective of a DNS sinkhole system manager and automatically estimating the risk priority of botnets on the basis of this information. The BRI, which is a normalization equation based on a Euclidean vector concept, is calculated in a number of scenarios, with a single command and control server (C&C) and with multiple C&Cs. The BRI has been defined to provide an intuitive understanding of the degree of danger posed by botnets.

Original languageEnglish
Pages (from-to)165-180
Number of pages16
JournalInformation (Japan)
Volume17
Issue number1
Publication statusPublished - 2014 Jan

Keywords

  • Blacklist
  • Botnet Risk Index (BRI)
  • DNS Sinkhole
  • Malicious Activity
  • Risk Measurement

ASJC Scopus subject areas

  • Information Systems

Fingerprint Dive into the research topics of 'A method for risk measurement of botnet's malicious activities'. Together they form a unique fingerprint.

  • Cite this

    Kim, D., Kim, Y. G., In, H. P., & Jeong, H. C. (2014). A method for risk measurement of botnet's malicious activities. Information (Japan), 17(1), 165-180.