http://dx.doi.org/10.13089/JKIISC.2006.16.3.53

A Study of Formalized Presentation of Worm based on time-based Behavioral sequences  

Lee Min-Soo (Korea University)
Shon Tae-Shik (Samsung Electronics)
Cho Sang-Hyun (Korea University)
Kim Dong-Soo (National Security Research Institute)
Seo Jung-Taek (National Security Research Institute)
Sohn Ki-Wook (National Security Research Institute)
Moon Jong-Sub (Korea University)
Abstract
Worm analysis reports currently produced by anti-virus companies closely resemble virus reports and do not properly characterize the specific attributes of worms. In this paper, we propose a formalized presentation method based on time-based behavioral sequences to characterize worms more accurately. We define a format based on the behavior and communication patterns that occur between an infected host and a target host. We also propose a method for presenting worm analysis data in that format, and we compare our framework with analysis data provided by Symantec.
Keywords
Worm; Worm Behavioral Sequences; Taxonomy of Worm;