Title :
Worm Path Identification Using Visualization System
Author :
Shibaguchi, Seiji ; Nakayama, Yuki ; Okada, Ken-ichi
Author_Institution :
Grad. Sch. of Sci. & Technol., Keio Univ., Yokohama, Japan
Abstract :
In this paper, we propose a visualization system for worm investigation, which finds worm origins and worm paths. Although investigation of worms are very important for forensic use and further prevention, it is quite difficult for automatic systems to identify worm origins or paths due to the trade-off between false positives and false negatives. Therefore, we focused on interaction between analysts and connection logs. At first, an automated algorithm is run so that there are no false negatives, and then analysts investigate the result to reduce false positives by visualized system. We aim to solve the trade-off by conducting these two steps. We implemented a prototype and conducted a user experiment to evaluate our system. The results show our system enabled subjects to reduce 90% of false detection by an automated algorithm. Although the results depend on parameters or conditions, we show the effectiveness of our idea.
Keywords :
data visualisation; invasive software; automated algorithm; digital forensics; visualization system; worm path identification; Computational modeling; Computer crime; Computer hacking; Computer security; Information security; Law; Legal factors; Network servers; Telecommunication traffic; Visualization; Visualization; Worm;
Conference_Titel :
Computational Science and Engineering, 2009. CSE '09. International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-5334-4
Electronic_ISBN :
978-0-7695-3823-5
DOI :
10.1109/CSE.2009.340
