Identifying Malware Using Cross-Evidence Correlation

Anders Flaglien; Katrin Franke; Andre Arnes

doi:10.1007/978-3-642-24212-0_13

Conference Papers Year : 2011

Identifying Malware Using Cross-Evidence Correlation

(1) , (2) , (2, 3)

1
2
3

Anders Flaglien

Function : Author

Accenture [Oslo]

Katrin Franke

Function : Author

Norwegian Information Security Laboratory

Andre Arnes

Function : Author

Norwegian Information Security Laboratory

Enterprise Security and Connectivity, laboratory

Abstract

This paper proposes a new correlation method for the automatic identification of malware traces across multiple computers. The method supports forensic investigations by efficiently identifying patterns in large, complex datasets using link mining techniques. Digital forensic processes are followed to ensure evidence integrity and chain of custody.

Keywords

Botnets malware detection link mining evidence correlation

Domains

Computer Science [cs]

Fichier principal

978-3-642-24212-0_13_Chapter.pdf (401.59 Ko)

Origin	Files produced by the author(s)

Hal Ifip : Connect in order to contact the contributor

https://inria.hal.science/hal-01569545

Submitted on : Thursday, July 27, 2017-8:22:21 AM

Last modification on : Thursday, March 5, 2020-4:46:41 PM

Dates and versions

hal-01569545 , version 1 (27-07-2017)

Licence

Attribution

Identifiers

HAL Id : hal-01569545 , version 1
DOI : 10.1007/978-3-642-24212-0_13

Cite

Anders Flaglien, Katrin Franke, Andre Arnes. Identifying Malware Using Cross-Evidence Correlation. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. pp.169-182, ⟨10.1007/978-3-642-24212-0_13⟩. ⟨hal-01569545⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

IFIP-LNCS IFIP IFIP-AICT IFIP-TC IFIP-WG IFIP-TC11 IFIP-DF IFIP-WG11-9 IFIP-AICT-361

224 View

142 Download

Identifying Malware Using Cross-Evidence Correlation

Abstract

Keywords

Domains

Dates and versions

Licence

Identifiers

Cite

Export

Collections

Altmetric

Share