Research Article
A Novel Methodology for Malware Intrusion Attack Path Reconstruction
@INPROCEEDINGS{10.1007/978-3-642-35515-8_11,
  author={Ahmed Shosha and Joshua James and Pavel Gladyshev},
  title={A Novel Methodology for Malware Intrusion Attack Path Reconstruction},
  proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers},
  proceedings_a={ICDF2C},
  year={2012},
  month={12},
  keywords={Malware Analysis; Attack Path Reconstruction; Digital Forensics; Network Forensics; Automatic Event Reconstruction},
  doi={10.1007/978-3-642-35515-8_11}
}
- Ahmed Shosha
- Joshua James
- Pavel Gladyshev
Year: 2012
ICDF2C
Springer
DOI: 10.1007/978-3-642-35515-8_11
Abstract
After an intrusion has propagated between hosts, or even between networks, determining the propagation path is critical to assess exploited network vulnerabilities, and also to determine the vector and intent of the initial intrusion. This work proposes a novel method for malware intrusion attack path reconstruction that extends post-mortem system state comparison methods with network-level correlation and timeline analysis. This work shows that intrusion-related events can be reconstructed at the host level and correlated between related hosts and networks to reconstruct the overall path of an attack. A case study is given that demonstrates the applicability of the attack path reconstruction technique.