Abstract
Among current botnet countermeasures, the DNS sinkhole is regarded as the best practice worldwide. The technique prevents an attack by cutting off communication between a command and control (C&C) server and the zombie PCs (malicious bots) under its control. In particular, the malicious packets collected by a DNS sinkhole system can be analyzed to characterize malicious bots and suspicious URLs. Doing so requires better technology for analyzing the behavior of malicious bots, which has become more sophisticated, grounded in an analysis of how conventional DNS sinkholes operate and where they currently stand. This study therefore analyzes and addresses the limitations of the current DNS sinkhole packet collection program (the DNS sinkhole server program). After unifying and upgrading the DNS sinkhole server programs that had been developed and operated for different purposes, the ratio of malicious packets captured improved five times compared to the conventional system. In addition, whereas the conventional system captured only one malicious packet per source IP, the proposed system collects an average of 5.3 malicious packets per source IP, yielding considerably more information about malicious traffic.
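To make the mechanism in the abstract concrete, the following is an added example (not code from the paper or its authors) of a minimal DNS sinkhole collector: it parses a DNS query from the wire, answers queries for blocklisted C&C names with a sinkhole address, and records every hit per source IP instead of only the first one. The sinkhole address, the blocklist entries and the replayed traffic are constructed placeholders, not indicators from the paper.

```python
import struct
from collections import Counter

# Constructed example values (not indicators from the paper): the address the
# sinkhole answers with, and a blocklist of domain names treated as C&C.
SINKHOLE_IP = "192.0.2.10"
C2_BLOCKLIST = {"c2.example.invalid", "update.example.invalid"}


def build_query(qname, txid=0x1234, qtype=1):
    """Encode a minimal DNS query in wire format; used here to construct sample traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    name = b"".join(bytes([len(lb)]) + lb.encode("ascii")
                    for lb in qname.rstrip(".").split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_query(pkt):
    """Return (txid, qname, qtype, end_of_question); raise ValueError on malformed input."""
    if len(pkt) < 12:
        raise ValueError("short packet")
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    pos, labels = 12, []
    while True:
        if pos >= len(pkt):
            raise ValueError("truncated name")
        n = pkt[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers are never valid in a question name
            raise ValueError("compression pointer in query name")
        labels.append(pkt[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(pkt):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    return txid, ".".join(labels).lower(), qtype, pos + 4


def build_sinkhole_answer(query, txid, qtype, qend):
    """Copy the question back and, for A queries, attach an A record for the sinkhole."""
    question = query[12:qend]
    if qtype != 1:  # other types: NOERROR with no answer (NODATA)
        return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + question
    rr = (b"\xc0\x0c"                                  # pointer to the question name
          + struct.pack("!HHIH", 1, 1, 60, 4)          # A, IN, TTL 60 s, RDLENGTH 4
          + bytes(int(o) for o in SINKHOLE_IP.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + rr


class SinkholeCollector:
    """Answers blocklisted queries with the sinkhole address and keeps every hit."""

    def __init__(self):
        self.hits = []        # every captured (src_ip, qname): the improved behaviour
        self.first_hit = {}   # one record per source IP: the conventional behaviour

    def handle(self, src_ip, pkt):
        try:
            txid, qname, qtype, qend = parse_query(pkt)
        except ValueError:
            return None                 # malformed: drop, nothing to learn from it
        if qname not in C2_BLOCKLIST:
            return None                 # benign: would be resolved normally (not shown)
        self.hits.append((src_ip, qname))
        self.first_hit.setdefault(src_ip, qname)
        return build_sinkhole_answer(pkt, txid, qtype, qend)

    def packets_per_source(self):
        return Counter(src for src, _ in self.hits)

    def average_per_source(self):
        return len(self.hits) / len(self.first_hit) if self.first_hit else 0.0


def answered_address(resp):
    """Extract the IPv4 address from a single-answer sinkhole response, else None."""
    ancount = struct.unpack("!H", resp[6:8])[0]
    return ".".join(str(b) for b in resp[-4:]) if ancount == 1 else None


def run_sample():
    """Replay constructed traffic through the collector; return (collector, responses)."""
    col = SinkholeCollector()
    traffic = [("10.0.0.1", "c2.example.invalid"), ("10.0.0.1", "c2.example.invalid"),
               ("10.0.0.1", "update.example.invalid"), ("10.0.0.2", "www.example.com"),
               ("10.0.0.2", "c2.example.invalid")]
    responses = [col.handle(src, build_query(q)) for src, q in traffic]
    col.handle("10.0.0.3", b"\x00\x01junk")   # malformed packet is ignored
    return col, responses
```

The gap the abstract describes shows up in the two structures the collector keeps: `first_hit` holds one entry per source IP (the conventional one-packet-per-source record), while `hits` keeps every sinkholed query, so `average_per_source()` is the same per-source ratio the paper reports as 5.3 for its improved system.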
Acknowledgments
This research was supported by Building Security Service of Advanced KREONET Based funded by Korea Institute of Science and Technology Information.
Cite this article
Jung, H.M., Lee, H.G. & Choi, J.W. Efficient Malicious Packet Capture Through Advanced DNS Sinkhole. Wireless Pers Commun 93, 21–34 (2017). https://doi.org/10.1007/s11277-016-3443-1