A Methodology for Multipurpose DNS Sinkhole Analyzing Double Bounce Emails

Authors: HeeSeok Kim, Sang-Soo Choi, Jungsuk Song

DOI: 10.1007/978-3-642-42054-2_76

Keywords: Domain Name System, The Internet, Server, DNS sinkhole, Zombie, Botnet, Computer network, Computer science, Blacklist, Block (data storage)

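Abstract: DNS sinkhole is one of the powerful techniques to mitigate attack activities of bots, i.e., zombie PCs, by blocking the communication between the C&C server and them. If a zombie PC sends a DNS query to our DNS server for communicating with its C&C server, our DNS server, which contains a domain blacklist of C&C servers, returns the IP address of our sinkhole server. As a result, since the zombie PC tries to communicate with our sinkhole server, it is unable to communicate with its C&C server. On the other hand, there are many cyber attacks caused by malicious URLs included in spam emails. Therefore, if we extract malicious URLs from spam emails and apply them into the DNS sinkhole system, many spam based attacks can be blocked. In this paper, we propose a methodology to enhance the capability of the DNS sinkhole system by analyzing spam emails. Especially, we use double bounce emails, which do not have any valid sender and recipient addresses, as spam emails. Our preliminary experimental results demonstrate that the existing domain blacklist of the DNS sinkhole system is not effective. Thus, we design a new method for collecting malicious URLs from double bounce emails and show how a new domain blacklist can be generated. With using the new domain blacklist, we will be able to early detect and block the latest malicious behaviors on the Internet.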

References (7)
Peter Mameli, Adina Schwartz, John Kleinig, Seumas Miller, Douglas Salane, Security and Privacy: Global Standards for Ethical Identity Management in Contemporary Liberal Democratic States (2012)
Jungsuk Song, Daisuke Inoue, Masashi Eto, Mio Suzuki, Satoshi Hayashi, Koji Nakao, A Methodology for Analyzing Overall Flow of Spam-Based Attacks, International Conference on Neural Information Processing, pp. 556-564 (2009), 10.1007/978-3-642-10684-2_62
Geoffrey M. Voelker, Chris Fleizach, Stefan Savage, David S. Anderson, Spamscatter: Characterizing Internet Scam Hosting Infrastructure, USENIX Security Symposium, pp. 10- (2007)
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan, Fast Portscan Detection Using Sequential Hypothesis Testing, IEEE Symposium on Security and Privacy, pp. 211-225 (2004), 10.1109/SECPRI.2004.1301325
Koji Nakao, Daisuke Inoue, Masashi Eto, Katsunari Yoshioka, Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring, IEICE Transactions on Information and Systems, vol. 92, pp. 787-798 (2009), 10.1587/TRANSINF.E92.D.787
Nicholas Ianelli, Aaron Hackworth, Botnets as a Vehicle for Online Crimes, First International Conference on Forensic Computer Science, pp. 15-31 (2006), 10.5769/C2006003
Nicolas Ianelli, Aaron Hackworth, Botnets as a Vehicle for Online Crime, The International Journal of Forensic Computer Science, pp. 19-39 (2007), 10.5769/J200701002