DocumentCode :
1885164
Title :
An improved traditional worm attack pattern
Author :
Robiah, Y. ; Rahayu, S.S. ; Sahib, Shahrin ; Zaki, M.M. ; Faizal, M.A. ; Marliza, R.
Volume :
2
fYear :
2010
fDate :
15-17 June 2010
Firstpage :
1067
Lastpage :
1072
Abstract :
The significant threat posed by traditional worms such as Blaster, Sasser, Code Red and Slammer continues because of how rapidly they spread on the internet. Worm attack patterns from three different scenarios have been extracted from various logs at different OSI layers, such as victim logs, attacker logs and the IDS alert log. These worm attack patterns are further analyzed to form the general worm attack pattern, which describes the process of worm infection. This paper proposes a general attack pattern for worms from three different perspectives, namely attacker, victim and victim/attacker or multi-step attack, using only the Blaster variant. The general attack pattern can thus be extended into research areas in alert correlation and computer forensic investigation.
Keywords :
invasive software; IDS alert log; attacker logs; blaster; multi-step attack; victim logs; worm attack pattern; Grippers; Indexes; blaster attack; log; worm attack pattern;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Technology (ITSim), 2010 International Symposium in
Conference_Location :
Kuala Lumpur
ISSN :
2155-897
Print_ISBN :
978-1-4244-6715-0
Type :
conf
DOI :
10.1109/ITSIM.2010.5561572
Filename :
5561572