A method for risk measurement of botnet's malicious activities

Dohoon Kim, Young Gab Kim, Hoh Peter In, Hyun Chel Jeong

Research output: Contribution to journal, Article, peer-reviewed

1 Citation (Scopus)

    Abstract

A DNS sinkhole system generates, separates, and manages a blacklist of botnets detected via a botnet detection system. Since numerous bots are newly added and bot code is updated frequently, blacklist management is extremely expensive, and keeping domain names and IP addresses up to date is difficult. Further, effectiveness and accuracy are not guaranteed, because the priority of botnets is determined and handled on the basis of the subjective decisions of security experts. Hence, this study aims to provide a methodology for managing the blacklist by estimating the botnet risk index (BRI) of detected botnets from the perspective of a DNS sinkhole system manager, and then automatically estimating the risk priority of botnets from this information. The BRI, a normalization equation based on the Euclidean vector concept, is calculated for a number of scenarios, with a single command and control server (C&C) and with multiple C&Cs. The BRI has been defined to provide an intuitive understanding of the degree of danger posed by botnets.

Original language: English
Pages (from-to): 165-180
Number of pages: 16
Journal: Information (Japan)
Volume: 17
Issue number: 1
Publication status: Published - 2014 Jan

    Keywords

    • Blacklist
    • Botnet Risk Index (BRI)
    • DNS Sinkhole
    • Malicious Activity
    • Risk Measurement

    ASJC Scopus subject areas

    • Information Systems
