Worm origin identification and propagation path reconstruction are among the essential problems in digital forensics. Several methods have been proposed for this purpose. However, evaluating these methods is a big challenge because there are no suitable datasets containing both normal background traffic and worm traffic. In this paper, we investigate different methods of generating such datasets and suggest a technique for this purpose. ReaSE is a tool for the creation of realistic simulation environments. However, it needs some modifications to be suitable for generating such datasets, so we make the required modifications to it. Then, using our technique, we generate several datasets for Slammer, Code Red I, Code Red II and modified versions of these worms in different scenarios and make them publicly available.