A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis.

Worms have been improved and a range of sophisticated techniques have been integrated into them, which make the detection and response processes much harder and longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for Computer Emergency Response Team) model is built to detect worm attacks in order to respond to worms more efficiently. The novelty and strengths of the STAKCERT model lie in the method implemented, which consists of the STAKCERT KDD processes and the development of the STAKCERT worm classification, the STAKCERT relational model and the STAKCERT worm apoptosis algorithm. The new concept introduced in this model, named apoptosis, is borrowed from the human immune system and has been mapped to a security perspective. Furthermore, the encouraging results achieved by this research are validated by applying security metrics to assign the weight and severity values that trigger the apoptosis. In order to optimise the performance result, the standard operating procedures (SOP) for worm incident response, which involve static and dynamic analyses, the knowledge discovery techniques (KDD) used in modelling the STAKCERT model, and data mining algorithms were used. The STAKCERT model has produced encouraging results and outperformed comparable existing work for worm detection. It produces an overall accuracy rate of 98.75%, with a 0.2% false positive rate and a 1.45% false negative rate. Worm response resulted in an accuracy rate of 98.08%, which other researchers can later use as a comparison with their own work.

Bibliographic Details
Main Author: Mohd Saudi, Madihah
Other Authors: Cullen, Andrea J.
Language:en
Published: University of Bradford 2012
Subjects: Apoptosis; Data mining; Security metrics; Knowledge discovery technique (KDD); Standard Operating Procedures (SOP); Worm incident response; Static analysis; Dynamic analysis; Worm rules; Worm classification; STAKCERT model; Worm detection; Internet security
Online Access:http://hdl.handle.net/10454/5410
Additional author listed: Woodward, Mike E.
Funding: Ministry of Higher Education, Malaysia and Universiti Sains Islam Malaysia (USIM)
Type: Thesis, doctoral (PhD)
Date: 2011 (record deposited 2012-04-17)
Licence: Creative Commons BY-NC-ND 3.0 (http://creativecommons.org/licenses/by-nc-nd/3.0/). The University of Bradford theses are licensed under a Creative Commons Licence.
Department: University of Bradford, Department of Computing, School of Computing, Informatics and Media