Efficient STAKCERT KDD Processes in Worm Detection

This paper presents new STAKCERT KDD (Knowledge Discovery in Databases) processes for worm detection. An enhancement introduced at the data pre-processing stage resulted in a new STAKCERT model for worm detection. The paper explains in detail how each of the STAKCERT KDD processes is applied within the STAKCERT model. In the experiment conducted, the STAKCERT model, with the STAKCERT KDD processes integrated, achieved a 98.13% accuracy rate for worm detection.
