Identifying Malware Using Cross-Evidence Correlation

This paper proposes a new correlation method for the automatic identification of malware traces across multiple computers. The method supports forensic investigations by efficiently identifying patterns in large, complex datasets using link mining techniques. Digital forensic processes are followed to ensure evidence integrity and chain of custody.
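The abstract describes cross-computer correlation of malware traces in general terms only, so the following is an added illustration written for this page, not the paper's own method or code. It shows the basic link-mining idea in its simplest form: hashing every file on each seized host, recording a deterministic digest of the hashed listing for chain-of-custody purposes, discarding known-good content, and then linking hosts through artefacts whose hash recurs on several machines, often under different file names. The host names, file paths, contents and the known-good hash set are all constructed for the example.

```python
import hashlib
import posixpath
from collections import defaultdict

# Constructed sample evidence: a file listing per seized host, mapping path to
# file content. Real input would be extracted from disk images; the contents
# here are invented so the example runs offline.
EVIDENCE = {
    "host-A": {
        "C:/Windows/System32/kernel32.dll": b"legit-os-binary",
        "C:/Users/alice/AppData/Roaming/svchost.exe": b"dropper-payload-v1",
        "C:/Users/alice/Documents/report.docx": b"alice report",
    },
    "host-B": {
        "C:/Windows/System32/kernel32.dll": b"legit-os-binary",
        "C:/ProgramData/update.exe": b"dropper-payload-v1",
        "C:/Users/bob/Pictures/cat.jpg": b"bob picture",
    },
    "host-C": {
        "C:/Windows/System32/kernel32.dll": b"legit-os-binary",
        "C:/Temp/x.exe": b"dropper-payload-v1",
    },
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a known-good hash set (an NSRL-style whitelist),
# used to suppress operating-system files that legitimately recur everywhere.
KNOWN_GOOD = {sha256(b"legit-os-binary")}


def hash_evidence(evidence):
    """Return {host: {path: sha256}}: the per-host artefact table."""
    return {host: {path: sha256(data) for path, data in files.items()}
            for host, files in evidence.items()}


def evidence_digest(hashed):
    """Deterministic SHA-256 over every (host, path, hash) triple, so the hashed
    listing can be recorded in the case file and re-verified later."""
    h = hashlib.sha256()
    for host in sorted(hashed):
        for path in sorted(hashed[host]):
            h.update(f"{host}\t{path}\t{hashed[host][path]}\n".encode())
    return h.hexdigest()


def correlate(evidence, known_good, min_hosts=2):
    """Link hosts through shared artefacts.

    Returns {hash: {"hosts": [...], "paths": {host: [...]}, "distinct_names": n}}
    for every file hash that is not known-good and occurs on at least
    min_hosts hosts, most widely shared hashes first. A high distinct_names
    value means identical content is hiding under different file names.
    """
    hashed = hash_evidence(evidence)
    by_hash = defaultdict(lambda: defaultdict(list))
    for host, table in hashed.items():
        for path, digest in table.items():
            by_hash[digest][host].append(path)

    links = {}
    for digest, hosts in by_hash.items():
        if digest in known_good or len(hosts) < min_hosts:
            continue
        names = {posixpath.basename(p) for paths in hosts.values() for p in paths}
        links[digest] = {
            "hosts": sorted(hosts),
            "paths": {h: sorted(p) for h, p in hosts.items()},
            "distinct_names": len(names),
        }
    return dict(sorted(links.items(), key=lambda kv: -len(kv[1]["hosts"])))


if __name__ == "__main__":
    print("evidence digest:", evidence_digest(hash_evidence(EVIDENCE)))
    for digest, link in correlate(EVIDENCE, KNOWN_GOOD).items():
        print(digest[:16], "on", link["hosts"],
              "under", link["distinct_names"], "distinct names")
        for host, paths in link["paths"].items():
            print("   ", host, paths)
```

On the constructed input the only surviving link is the `dropper-payload-v1` content, present on all three hosts under three different names; the shared `kernel32.dll` is suppressed by the known-good set and the per-user documents never cross a host boundary. Real cross-drive work adds further link types (shared e-mail addresses, registry keys, network indicators) and scales the hash join with a database rather than in-memory dictionaries, but the join-and-filter structure is the same.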
