Malicious attacks in cyberspace have been continuously increasing. In particular, widely distributed bots lead cyber attacks such as distributed denial-of-service attacks, spamming, and hijacking of critical information. Various technologies for bot detection and response are being developed, and the DNS-Sinkhole technique is known as the most effective way to respond to bot activities. However, the legacy sinkhole system has a variety of limitations, such as low accuracy and limited information, because it was developed to detect early bot technology (IRC bots). In this paper, we propose an advanced bot response mechanism using an enhanced DNS-Sinkhole system. In particular, we focus on improving the post-processing mechanism based on packet analysis. The proposed mechanism and system allow more efficient bot response by extending the detection range and providing high detection accuracy.
Bot detection; Packet analysis; Post-processing technique based on DNS-Sinkhole
Information : an international interdisciplinary journal