Tracing Technique for Blaster Attack
Authors
Abstract
The Blaster worm of 2003 is still persistent: the infection appears to have successfully transitioned to new hosts as the original systems are cleaned or shut off, suggesting that the Blaster worm, and other similar worms, will remain significant Internet threats for many years after their initial release. This paper proposes a technique for tracing the Blaster attack from various logs in different OSI layers, based on the fingerprint of the Blaster attack in victim logs, attacker logs and the IDS alert log. The researchers intended to do a preliminary investigation of this particular attack so that it can be used for further research in alert correlation and computer forensics.
Similar resources
New Multi-step Worm Attack Model
Traditional worms such as Blaster, Code Red, Slammer and Sasser are still infecting vulnerable machines on the Internet. They will remain significant threats due to their fast-spreading nature on the Internet. The attack patterns of various traditional worms have been analyzed from various logs at different OSI layers, such as victim logs, attacker logs and IDS alert log. These worms attack patte...
Scenario Based Worm Trace Pattern Identification Technique
The number of malware variants is growing tremendously and the study of malware attacks on the Internet is still a demanding research domain. In this research, various logs from different OSI layers are explored to identify the traces left on the attacker and victim logs, and the attack worm trace pattern is established in order to reveal the true attacker or victim. For the purpose of this paper, it...
Why HP did not get "Blastered"
In August 2003 the IT industry was brought to its knees due to the release of a vicious worm called “Blaster” which cost the industry billions of dollars. However, HP was largely unaffected because of innovative technology produced jointly by HP Labs and Corporate IT that has been protecting our corporate network for over two years. In this paper we will explain how these new types of worms att...
Altered expression of selectable marker URA3 in gene-disrupted Candida albicans strains complicates interpretation of virulence studies.
The ura-blaster technique for the disruption of Candida albicans genes has been employed in a number of studies to identify possible genes encoding virulence factors of this fungal pathogen. In this study, the URA3-encoded orotidine 5'-monophosphate (OMP) decarboxylase enzyme activities of C. albicans strains with ura-blaster-mediated genetic disruptions were measured. All strains harboring gen...
ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting
Provenance tracing is a very important approach to Advanced Persistent Threat (APT) attack detection and investigation. Existing techniques either suffer from the dependence explosion problem or have non-trivial space and runtime overhead, which hinder their application in practice. We propose ProTracer, a lightweight provenance tracing system that alternates between system event logging and un...
Journal title:
- CoRR
Volume abs/0908.3587 Issue
Pages -
Publication date 2009