Scenario Based Worm Trace Pattern Identification Technique
S. Siti Rahayu, Y. Robiah, S. Shahrin, Mohd M. Zaki, R. Irda, M.A. Faizal

TL;DR
This paper proposes a novel scenario-based method for identifying worm trace patterns by analyzing logs from different OSI layers, focusing on Blaster worm variants to aid in cybercrime investigation.
Contribution
It introduces a new approach to create combined attacker and victim trace patterns, enhancing cybercrime forensics and alert correlation capabilities.
Findings
Developed three new worm trace patterns for attackers and victims.
Validated the approach on Blaster worm variants.
Enhanced potential for forensic investigations and alert correlation.
Abstract
The number of malware variants is growing tremendously and the study of malware attacks on the Internet is still a demanding research domain. In this research, various logs from different OSI layers are explored to identify the traces left on the attacker and victim logs, and the attack worm trace pattern is established in order to reveal the true attacker or victim. This paper concentrates only on cybercrime that is caused by malware network intrusion, and uses a traditional worm, namely Blaster worm variants. This research creates the concept of a trace pattern by fusing the attacker's and victim's perspectives. Therefore, the objective of this paper is to propose attacker's, victim's and multistep (attacker or victim) trace patterns by combining both perspectives. These three proposed worm trace patterns can be extended into research areas in alert correlation and…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Digital and Cyber Forensics
