• Title/Summary/Keyword: Malicious bot-infected PC

Search Result 4, Processing Time 0.025 seconds

Preventing Botnet Damage Technique and It's Effect using Bot DNS Sinkhole (DNS 싱크홀 적용을 통한 악성봇 피해방지 기법 및 효과)

  • Kim, Young-Baek;Lee, Dong-Ryun;Choi, Joong-Sup;Youm, Heung-Youl
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.15 no.1
    • /
    • pp.47-55
    • /
    • 2009
  • Bot is a kind of worm/virus that is remotely controlled by a herder. Bot can be used to launch distributed denial-of-service(DDoS) attacks or send spam e-mails etc. Launching cyber attacks using malicious Bots is motivated by increased monetary gain which is not the objective of worm/virus. However, it is very difficult for infected user to detect this infection of Botnet which becomes more serious problems. This is why botnet is a dangerous, malicious program. The Bot DNS Sinkhole is a domestic bot mitigation scheme which will be proved in this paper as one of an efficient ways to prevent malicious activities caused by bots and command/control servers. In this paper, we analysis botnet activities over more than one-year period, including Bot's lifetime, Bot command/control server's characterizing. And we analysis more efficient ways to prevent botnet activities. We have showed that DNS sinkhole scheme is one of the most effective Bot mitigation schemes.

A New Defense against DDoS Attacks using Reputation (평판을 이용한 새로운 DDoS 공격 대응 방안 연구)

  • Shin, Jung-Hwa;Shin, Weon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.15 no.8
    • /
    • pp.1720-1726
    • /
    • 2011
  • The DDoS attacks which are increasing recently must have many zombie PCs before attacking targeted systems by attacker. A zombie PC is infected by attacker's malignant code and may be operated by the his/her special malicious purposes. But most users generally don't know that their PCs are infected and used as zombies by illegal activities covertly. In this paper, we propose a new scheme that decreases vulnerable PCs and isolates them from Internet before being zombie PCs. The proposed scheme point the reputations of connected PCs and decide whether their Internet connections are keeping continuously or not. Also We show the figures how to infect susceptable PCs to zombie PCs, and analyze the decrease effects of DDoS attacks adapted by the proposed scheme with various experiments.

An Effective Feature Generation Method for Distributed Denial of Service Attack Detection using Entropy (엔트로피를 이용한 분산 서비스 거부 공격 탐지에 효과적인 특징 생성 방법 연구)

  • Kim, Tae-Hun;Seo, Ki-Taek;Lee, Young-Hoon;Lim, Jong-In;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.4
    • /
    • pp.63-73
    • /
    • 2010
  • Malicious bot programs, the source of distributed denial of service attack, are widespread and the number of PCs which were infected by malicious bot program are increasing geometrically thesedays. The continuous distributed denial of service attacks are happened constantly through these bot PCs and some financial incident cases have found lately. Therefore researches to response distributed denial of service attack are necessary so we propose an effective feature generation method for distributed denial of service attack detection using entropy. In this paper, we apply our method to both the DARPA 2000 datasets and also the distributed denial of service attack datasets that we composed and generated ourself in general university. And then we evaluate how the proposed method is useful through classification using bayesian network classifier.

Distributed Attack Analysis and Countermeasure (분산처리 공격에 대한 방어방법 연구)

  • Shin, Miyea
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.1
    • /
    • pp.19-23
    • /
    • 2015
  • Distributed Denial of Service attack is a form of denial of service attacks, the attacker to attack a place in a number of points of attack by a wide variety of forms over the network to perform a service on a point attack . Do not use a specific server or client attempts to make a connection to many services available that prevents this attack and so normally used . Corresponding methods of DDoS attacks has a corresponding managerial aspects and technical aspects of the proposed two.

  • PDF