Authors: Madihah Mohd Saudi, Andrea J Cullen, Mike E Woodward

Abstract:

This paper presents a new STAKCERT KDD processes for worm detection. The enhancement introduced in the data-preprocessing resulted in the formation of a new STAKCERT model for worm detection. In this paper we explained in detail how all the processes involved in the STAKCERT KDD processes are applied within the STAKCERT model for worm detection. Based on the experiment conducted, the STAKCERT model yielded a 98.13% accuracy rate for worm detection by integrating the STAKCERT KDD processes.

Keywords: data mining, incident response, KDD processes, security metrics and worm detection.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1063320

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1607

References:

[1] Swabey,P., "US Department of Defense bans USB drives after worm attack", 20th November 2008, Source: Information Age Today, Available from: http://www.information-age.com/home/informationage- today/814827/us-department-of-defense-bans-usb-drives-afterworm- attack.thtml
[Accessed: 31st March 2011].
[2] Swabey,P. , "Virus takes down three hospitals", 19th November 2008, Source: Information Age Today, Available from: http://www.information-age.com/home/information-agetoday/ 814312/virus-takes-down-three-hospitals-it-systems.thtml
[Accessed: 31st March 2011].
[3] Keizer, G. , "Amazing' worm attack infects 9 million PCs", 19th January 2009, Source: Computerworld Security, Available from: http://www.computerworld.com/s/article/9126205/_Amazing_worm_att ack_infects_9_million_PCs
[Accessed: 31st March 2011].
[4] Alexander Gostev,"Malware Evolution 2010", Kaspersky Security Buletin.17 Feb 2011,URL: http://www.securelist.com/en/analysis/204792161/Kaspersky_Security_ Bulletin_Malware_Evolution_2010#22
[Accessed: 31st March 2011].
[5] Dai,J., Guha,R. and Lee,J., "Efficient Virus Detection Using Dynamic Instruction Sequences", Journal of Computers, Vol 4, No 5, 2009, pp. 405-414.
[6] VXHeavens website, "Virus Collection", 2009, Available: http://vx.netlux.org/vl.php.
[Accessed: 31st March 2011].
[7] Piatetsky-Shapiro, G., "Knowledge Discovery in Real Databases: A Report on the IJCAI-89 Workshop". AI Magazine 11(5), 199, pp.68-70.
[8] Fayyad, U., Piatetsky-Shapiro, G. and Smyth, P., "The KDD Process for Extracting Useful Knowledge", Volumes of Data. Communications of the ACM, v. 39(no. 11), 1996, pp. 27-34.
[9] Maimon,O. and Rokach,L.,"Introduction to Knowledge Discovery and Data Mining", In: Maimon, Oded; Rokach, Lior ,eds. Data mining and knowledge discovery. 2nd edn. New York:Springer, 2010, pp 1-15.
[10] Lavrac,N. and Zupan,B. " Data Mining in Medicine", In: Maimon, Oded; Rokach, Lior ,eds. Data mining and knowledge discovery. 2nd edn. New York:Springer, 2010, pp. 1111-1136.
[11] Kovalerchuk,B. and Vityaev,E., "Data Mining for Financial Applications" , In: Maimon, Oded; Rokach, Lior ,eds. Data mining and knowledge discovery. 2nd edn. New York:Springer, 2010,pp. 1154-1169
[12] Singhal,A. and Jajodia,S., "Data Mining for Intrusion Detection", In: Maimon, Oded; Rokach, Lior ,eds. Data mining and knowledge discovery. 2nd edn. New York:Springer, 2010, pp.1171-1180.
[13] Thearling,K.,"Data Mining for CRM", In: Maimon, Oded; Rokach, Lior ,eds. Data mining and knowledge discovery. 2nd edn. New York:Springer, 2010, pp.1181-1188
[14] Saudi,M.M, Cullen, A.J. and Woodward, M.E., "Statistical Analysis in Evaluating STAKCERT Infection, Activation and Payload Methods", Lecture Notes in Engineering and Computer Science: Proceedings of The World Congress on Engineering 2010, WCE 2010, 30 June - 2 July, 2010, London, U.K.pp 474-479.
[15] Saudi,M. M., M.Tamil, E., Cullen,A.J., Woodward, M., I.Idris,M.Y., Reverse Engineering: EDOWA Worm Analysis and Classification. In: Ao,S.I.& Gelman,L.,eds. Advances in Electrical Engineering and Computational Science, Lecture Notes in Electrical Engineering. Berlin: Springer Netherlands, April 2009, pp. 277-288.
[16] Prosise, C., Mandia,K. and Pepe,M..Incident Response and Computer Forensics, Second Edition, McGraw-Hill, 2003, p15.
[17] SANS Institute. "Security 504.1 Incident Handling Step-by-Step and Computer Crime Investigation". SANS Institute,2008..
[18] Jaquith, A., "Security metrics: replacing fear, uncertainty and doubt". United States of America: Addison-Wesley. 2007, p40.
[19] Atzeni,A. and Lioy,A., "Why to adopt a security metric? A brief survey". In: Gollmann,D., Massacci,F. and Yautsiukhin,A. (eds.), Quality of ProtectionSecurity Measurements and Metrics, USA: Springer, 2006, pp1-12.
[20] MyCERT website, "Computer Worm Incident Handling Standard Operating Procedure",2002, URL: http://www.mycert.org.my/en/services/advisories/mycert/2002/main/det ail/111/index.html
[Accessed: 31st March 2011].
[21] Hall,M., Frank,E., Holmes,G., Pfahringer,B., Reutemann,P. and Witten,I.H., "The WEKA Data Mining Software: An Update; SIGKDD Explorations", Volume 11, Issue 1,2009.
[22] BSI. "Information security management, BS7799, part 1: code of practice for information security management", 1999.
[23] Mitropoulos, S., Patsos, D. & Douligeris, C. "On Incident Handling and Response: A state-of-the-art approach", Computers & Security, Volume 25, 2006, pp.351-370,.
[Accessed: 31st March 2011].
[24] Saudi, M.M, Cullen, A.J. and Woodward, M.E., STAKCERT Worm Relational Model for Worm Detection, Lecture Notes in Engineering and Computer Science: Proceedings of The World Congress on Engineering 2010, WCE 2010, 30 June - 2 July, 2010, London, U.K.pp 469-473