Reconstruction of Worm Propagation Path Using a Trace-back Approach
This work addresses worm origin identification and path reconstruction for digital forensics, but it is incremental as it modifies an existing algorithm.
The paper tackles the problem of reconstructing worm propagation paths in digital forensics by extending an existing trace-back algorithm to identify origins and reconstruct paths, achieving high recall and precision of around 0.96 and correct origin identification in all experiments.
Worm origin identification and propagation path reconstruction are essential problems in digital forensics. However, a small number of studies have specifically investigated these problems so far. In this paper, we extend a distributed trace-back algorithm, called Origins, which is only able to identify the origins of fast-spreading worms. We make some modifications to this algorithm so that in addition to identifying the worm origins, it can also reconstruct the propagation path. We also evaluate our extended algorithm. The results show that our algorithm can reconstruct the propagation path of worms with high recall and precision, on average around 0.96. Also, the algorithm identifies the origins correctly in all of our experiments.