The number of crime committed based on the malware intrusion is never ending as the number of malware variants is growing tremendously and the usage of internet is expanding globally. Malicious codes easily obtained and use as one of weapon to gain t
heir objective illegally. Hence, in this research, diverse logs from different OSI layer are explored to identify the traces left on the attacker and victim logs in order to establish worm trace pattern to defending against the attack and help revealing true attacker or victim. For the purpose of this paper, it focused on malware intrusion and traditional worm namely sasser worm variants. The concept of trace pattern is created by fusing the attackers and victims perspective. Therefore, the objective of this paper is to propose a general worm trace pattern for attackers, victims and multi-step (attacker/victim)s by combining both perspectives. These three proposed worm trace patterns can be extended into research areas in alert correlation and computer forensic investigation.
The number of malware variants is growing tremendously and the study of malware attacks on the Internet is still a demanding research domain. In this research, various logs from different OSI layer are explore to identify the traces leave on the atta
cker and victim logs, and the attack worm trace pattern are establish in order to reveal true attacker or victim. For the purpose of this paper, it will only concentrate on cybercrime that caused by malware network intrusion and used the traditional worm namely blaster worm variants. This research creates the concept of trace pattern by fusing the attackers and victims perspective. Therefore, the objective of this paper is to propose on attackers, victims and multistep, attacker or victim, trace patterns by combining both perspectives. These three proposed worm trace patterns can be extended into research areas in alert correlation and computer forensic investigation.
The traditional worms such as Blaster, Code Red, Slammer and Sasser, are still infecting vulnerable machines on the internet. They will remain as significant threats due to their fast spreading nature on the internet. Various traditional worms attack
pattern has been analyzed from various logs at different OSI layers such as victim logs, attacker logs and IDS alert log. These worms attack pattern can be abstracted to form worms attack model which describes the process of worms infection. For the purpose of this paper, only Blaster variants were used during the experiment. This paper proposes a multi-step worm attack model which can be extended into research areas in alert correlation and computer forensic investigation.
Malware is a type of malicious program that replicate from host machine and propagate through network. It has been considered as one type of computer attack and intrusion that can do a variety of malicious activity on a computer. This paper addresses
the current trend of malware detection techniques and identifies the significant criteria in each technique to improve malware detection in Intrusion Detection System (IDS). Several existing techniques are analyzing from 48 various researches and the capability criteria of malware detection technique have been reviewed. From the analysis, a new generic taxonomy of malware detection technique have been proposed named Hybrid Malware Detection Technique (Hybrid MDT) which consists of Hybrid Signature and Anomaly detection technique and Hybrid Specification based and Anomaly detection technique to complement the weaknesses of the existing malware detection technique in detecting known and unknown attack as well as reducing false alert before and during the intrusion occur.
