ETRI-Knowledge Sharing Platform

Prediction Model for Botnet-Based Cyber Threats Using DNS Traffic Analysis
Authors
Sun-Hee Lim, Jong-Hyun Kim, Ikkyun Kim
Issue Date
2013-06
Citation
International Conference on Networked Computing and Advanced Information Management (NCM) 2013, pp.502-507
Language
English
Type
Conference Paper
Abstract
Cyberspace has become a national threat through DDoS (Distributed Denial of Service) attacks attempting a large-scale cyber attack, APT (Advanced Persistent Threat) attacks targeting major facilities, or the Stuxnet attack. These cyber threats are performed by botnets. If we can recognize predictions and pre-symptoms of the evolution of cyber threats, we will be able to respond more quickly to security threats. In this paper, we propose a prediction model for actual possible attacks by analyzing the scale of botnets, which are, in reality, the means of cyber threats. In particular, we analyzed DNS traffic in an actual ISP (Internet Service Provider) network, extracted a blacklist, and then monitored traffic between the suspected domains, C&C servers and zombie PCs at the IX (International eXchange). In this way, we experimented with the prediction model for cyber threats by analyzing the communication between the C&C server and zombie PCs.
KSP Keywords
Cyber threats, DNS traffic analysis, Distributed denial-of-service(DDoS), Internet service provider, Large-scale cyber attack, Persistent Threat(PT), Security threats, advanced persistent threat, denial of service(DoS), prediction model