Return to search

A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis.

Worms have been improved and a range of sophisticated techniques have been
integrated, which make the detection and response processes much harder and
longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for
Computer Emergency Response Team) model is built to detect worms attack in
order to respond to worms more efficiently.
The novelty and the strengths of the STAKCERT model lies in the method
implemented which consists of STAKCERT KDD processes and the
development of STAKCERT worm classification, STAKCERT relational model
and STAKCERT worm apoptosis algorithm. The new concept introduced in this
model which is named apoptosis, is borrowed from the human immunology
system has been mapped in terms of a security perspective. Furthermore, the
encouraging results achieved by this research are validated by applying the
security metrics for assigning the weight and severity values to trigger the
apoptosis. In order to optimise the performance result, the standard operating
procedures (SOP) for worm incident response which involve static and dynamic
analyses, the knowledge discovery techniques (KDD) in modeling the
STAKCERT model and the data mining algorithms were used.
This STAKCERT model has produced encouraging results and outperformed
comparative existing work for worm detection. It produces an overall accuracy
rate of 98.75% with 0.2% for false positive rate and 1.45% is false negative rate.
Worm response has resulted in an accuracy rate of 98.08% which later can be
used by other researchers as a comparison with their works in future. / Ministry of Higher Education, Malaysia
and Universiti Sains Islam Malaysia (USIM)

Identiferoai:union.ndltd.org:BRADFORD/oai:bradscholars.brad.ac.uk:10454/5410
Date January 2011
CreatorsMohd Saudi, Madihah
ContributorsCullen, Andrea J., Woodward, Mike E.
PublisherUniversity of Bradford, Department of Computing, School of Computing, Informatics and Media
Source SetsBradford Scholars
LanguageEnglish
Detected LanguageEnglish
TypeThesis, doctoral, PhD
Rights<a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-nd/3.0/88x31.png" /></a><br />The University of Bradford theses are licenced under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/">Creative Commons Licence</a>.

Page generated in 0.0022 seconds