New Multi-step Worm Attack Model
Y. Robiah, S. Siti Rahayu, S. Shahrin, M. A. Faizal, M. Mohd Zaki, R. Marliza

TL;DR
This paper introduces a multi-step attack model for worms like Blaster, aiding in alert correlation and forensic analysis by abstracting infection patterns across OSI layers.
Contribution
It presents a novel multi-step worm attack model based on analysis of logs, specifically focusing on Blaster variants, to enhance understanding and detection.
Findings
Analyzed attack patterns across OSI layers
Developed a multi-step attack model for worms
Model can be extended for alert correlation and forensics
Abstract
Traditional worms such as Blaster, Code Red, Slammer and Sasser are still infecting vulnerable machines on the internet. They will remain significant threats due to their fast-spreading nature on the internet. The attack patterns of various traditional worms have been analyzed from various logs at different OSI layers, such as victim logs, attacker logs and IDS alert logs. These attack patterns can be abstracted to form a worm attack model that describes the process of worm infection. For the purpose of this paper, only Blaster variants were used during the experiment. This paper proposes a multi-step worm attack model which can be extended into research areas in alert correlation and computer forensic investigation.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Digital and Cyber Forensics
