Tracing Technique for Blaster Attack
Siti Rahayu S., Robiah Y., Shahrin S., Faizal M. A., Mohd Zaki M, Irda, R

TL;DR
This paper proposes a technique to trace the Blaster worm attack across multiple OSI layers using logs and IDS alerts, aiding in forensic investigation and alert correlation.
Contribution
It introduces a novel method for tracing Blaster attacks through log analysis across different OSI layers, enhancing forensic and detection capabilities.
Findings
Effective identification of Blaster attack fingerprints in logs
Potential for improved alert correlation in intrusion detection
Foundation for further forensic research on worm attacks
Abstract
The Blaster worm of 2003 is still persistent: the infection appears to have successfully transitioned to new hosts as the original systems are cleaned or shut off, suggesting that the Blaster worm, and other similar worms, will remain significant Internet threats for many years after their initial release. This paper proposes a technique for tracing the Blaster attack from various logs in different OSI layers, based on the fingerprint of the Blaster attack in victim logs, attacker logs and the IDS alert log. The researchers intended to do a preliminary investigation of this particular attack so that it can be used for further research in alert correlation and computer forensic investigation.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Digital and Cyber Forensics
