{"title":"A four-step method for investigating network worm propagation","authors":"Tala Tafazzoli, B. Sadeghiyan","doi":"10.1109/ISDFS.2019.8757544","DOIUrl":null,"url":null,"abstract":"Worm origin identification and propagation path reconstruction are important topics in information security and digital forensics. This information helps forensic investigators to guess initial suspects and do further investigations on the suspicious computers. Network and system administrators also use the information to identify security weaknesses of their systems and networks. The goal of this paper is to identify the origins and to reconstruct the propagation path of preferential scanning worm back-in-time. The main idea of this paper is to use back-to-origin modeling and a step-by-step improvement, to identify the origins and to reconstruct the propagation path after the worm outbreak using information gathered over the network. We construct a probabilistic model to receive features over the network and estimate infection status of nodes. We also developed an algorithm that identifies the origins and reconstructs the propagation path, back-in-time using the learned model. In order to achieve this, we used a 4-step method. 
The proposed method has acceptable accuracy.","PeriodicalId":247412,"journal":{"name":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISDFS.2019.8757544","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3