Scenario Based Worm Trace Pattern Identification Technique

The number of malware variants is growing tremendously and the study of malware attacks on the Internet is still a demanding research domain. In this research, various logs from different OSI layer are explore to identify the traces leave on the attacker and victim logs, and the attack worm trace pattern are establish in order to reveal true attacker or victim. For the purpose of this paper, it will only concentrate on cybercrime that caused by malware network intrusion and used the traditional worm namely blaster worm variants. This research creates the concept of trace pattern by fusing the attacker’s and victim’s perspective. Therefore, the objective of this paper is to propose on attacker’s, victim’s and multi-step (attacker/victim)’s trace patterns by combining both perspectives. These three proposed worm trace patterns can be extended into research areas in alert correlation and computer forensic investigation. Keywords— trace pattern, attack pattern, log