Skip to Main content Skip to Navigation
Conference papers

Identifying Malware Using Cross-Evidence Correlation

Anders Flaglien 1 Katrin Franke 2 Andre Arnes 2, 3
1 Accenture [Oslo]
2 Norwegian Information Security Laboratory
3 Enterprise Security and Connectivity, laboratory
Abstract : This paper proposes a new correlation method for the automatic identification of malware traces across multiple computers. The method supports forensic investigations by efficiently identifying patterns in large, complex datasets using link mining techniques. Digital forensic processes are followed to ensure evidence integrity and chain of custody.
Keywords : Botnets malware detection link mining evidence correlation
Document type :
Conference papers
Complete list of metadata

Cited literature [24 references]  Display  Hide  Download
https://hal.inria.fr/hal-01569545
Contributor : Hal Ifip <>
Submitted on : Thursday, July 27, 2017 - 8:22:21 AM
Last modification on : Thursday, March 5, 2020 - 4:46:41 PM

File

Vignette du document
978-3-642-24212-0_13_Chapter.p...
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Collections

IFIP | IFIP-AICT | IFIP-AICT-361 | IFIP-DF | IFIP-TC11 | IFIP-TC | IFIP-WG11-9 | IFIP-LNCS | IFIP-WG

Citation

Anders Flaglien, Katrin Franke, Andre Arnes. Identifying Malware Using Cross-Evidence Correlation. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. pp.169-182, ⟨10.1007/978-3-642-24212-0_13⟩. ⟨hal-01569545⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

347

Files downloads

281

 

Contact                    Legal Notice                    Personal Data