A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis.
Worms have been improved and a range of sophisticated techniques have been integrated, which make the detection and response processes much harder and longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for Computer Emergency Response Team) model is built to detect worms a...
Main Author: | |
---|---|
Other Authors: | |
Language: | en |
Published: |
University of Bradford
2012
|
Subjects: | |
Online Access: | http://hdl.handle.net/10454/5410 |
id |
ndltd-BRADFORD-oai-bradscholars.brad.ac.uk-10454-5410 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-BRADFORD-oai-bradscholars.brad.ac.uk-10454-54102019-08-31T03:02:53Z A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. Mohd Saudi, Madihah Cullen, Andrea J. Woodward, Mike E. Apoptosis Data mining Security metrics Knowledge discovery technique (KDD) Standard Operating Procedures (SOP) Worm incident response Static analysis Dynamic analysis Worm rules Worm classification STAKCERT model Worm detection Internet security Worms have been improved and a range of sophisticated techniques have been integrated, which make the detection and response processes much harder and longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for Computer Emergency Response Team) model is built to detect worms attack in order to respond to worms more efficiently. The novelty and the strengths of the STAKCERT model lies in the method implemented which consists of STAKCERT KDD processes and the development of STAKCERT worm classification, STAKCERT relational model and STAKCERT worm apoptosis algorithm. The new concept introduced in this model which is named apoptosis, is borrowed from the human immunology system has been mapped in terms of a security perspective. Furthermore, the encouraging results achieved by this research are validated by applying the security metrics for assigning the weight and severity values to trigger the apoptosis. In order to optimise the performance result, the standard operating procedures (SOP) for worm incident response which involve static and dynamic analyses, the knowledge discovery techniques (KDD) in modeling the STAKCERT model and the data mining algorithms were used. This STAKCERT model has produced encouraging results and outperformed comparative existing work for worm detection. It produces an overall accuracy rate of 98.75% with 0.2% for false positive rate and 1.45% is false negative rate. Worm response has resulted in an accuracy rate of 98.08% which later can be used by other researchers as a comparison with their works in future. Ministry of Higher Education, Malaysia and Universiti Sains Islam Malaysia (USIM) 2012-04-17T12:08:26Z 2012-04-17T12:08:26Z 2012-04-17 2011 Thesis doctoral PhD http://hdl.handle.net/10454/5410 en <a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-nd/3.0/88x31.png" /></a><br />The University of Bradford theses are licenced under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/">Creative Commons Licence</a>. University of Bradford Department of Computing, School of Computing, Informatics and Media |
collection |
NDLTD |
language |
en |
sources |
NDLTD |
topic |
Apoptosis Data mining Security metrics Knowledge discovery technique (KDD) Standard Operating Procedures (SOP) Worm incident response Static analysis Dynamic analysis Worm rules Worm classification STAKCERT model Worm detection Internet security |
spellingShingle |
Apoptosis Data mining Security metrics Knowledge discovery technique (KDD) Standard Operating Procedures (SOP) Worm incident response Static analysis Dynamic analysis Worm rules Worm classification STAKCERT model Worm detection Internet security Mohd Saudi, Madihah A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. |
description |
Worms have been improved and a range of sophisticated techniques have been
integrated, which make the detection and response processes much harder and
longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for
Computer Emergency Response Team) model is built to detect worms attack in
order to respond to worms more efficiently.
The novelty and the strengths of the STAKCERT model lies in the method
implemented which consists of STAKCERT KDD processes and the
development of STAKCERT worm classification, STAKCERT relational model
and STAKCERT worm apoptosis algorithm. The new concept introduced in this
model which is named apoptosis, is borrowed from the human immunology
system has been mapped in terms of a security perspective. Furthermore, the
encouraging results achieved by this research are validated by applying the
security metrics for assigning the weight and severity values to trigger the
apoptosis. In order to optimise the performance result, the standard operating
procedures (SOP) for worm incident response which involve static and dynamic
analyses, the knowledge discovery techniques (KDD) in modeling the
STAKCERT model and the data mining algorithms were used.
This STAKCERT model has produced encouraging results and outperformed
comparative existing work for worm detection. It produces an overall accuracy
rate of 98.75% with 0.2% for false positive rate and 1.45% is false negative rate.
Worm response has resulted in an accuracy rate of 98.08% which later can be
used by other researchers as a comparison with their works in future. === Ministry of Higher Education, Malaysia
and Universiti Sains Islam Malaysia (USIM) |
author2 |
Cullen, Andrea J. |
author_facet |
Cullen, Andrea J. Mohd Saudi, Madihah |
author |
Mohd Saudi, Madihah |
author_sort |
Mohd Saudi, Madihah |
title |
A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. |
title_short |
A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. |
title_full |
A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. |
title_fullStr |
A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. |
title_full_unstemmed |
A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. |
title_sort |
new model for worm detection and response. development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis. |
publisher |
University of Bradford |
publishDate |
2012 |
url |
http://hdl.handle.net/10454/5410 |
work_keys_str_mv |
AT mohdsaudimadihah anewmodelforwormdetectionandresponsedevelopmentandevaluationofanewmodelbasedonknowledgediscoveryanddataminingtechniquestodetectandrespondtoworminfectionbyintegratingincidentresponsesecuritymetricsandapoptosis AT mohdsaudimadihah newmodelforwormdetectionandresponsedevelopmentandevaluationofanewmodelbasedonknowledgediscoveryanddataminingtechniquestodetectandrespondtoworminfectionbyintegratingincidentresponsesecuritymetricsandapoptosis |
_version_ |
1719239826031509504 |