{"id":342,"date":"2012-10-04T19:18:50","date_gmt":"2012-10-04T19:18:50","guid":{"rendered":"http:\/\/digitalfire.ucd.ie\/?p=342"},"modified":"2013-03-10T03:46:29","modified_gmt":"2013-03-10T03:46:29","slug":"a-novel-methodology-for-malware-intrusion-attack-path-reconstruction","status":"publish","type":"post","link":"https:\/\/dfire.ucd.ie\/?p=342","title":{"rendered":"A Novel Methodology for Malware Intrusion Attack Path Reconstruction"},"content":{"rendered":"

<\/strong>\"\"<\/a>When a malware outbreak happens in an organization, one of the main questions that needs to be investigated is how the malware got in. It is important to get an answer to this question to identify and close the exploited technical and\/or human vulnerabilities. This paper proposes a\u00a0method for malware intrusion path reconstruction in a network of computers running Microsoft Windows. The method is based on the analysis of Windows Restore Points from the compromised computers. \u00a0The idea is that malware infection traces from different computers can be correlated in time to identify the progress of the malware through the network and to identify the likely initial point of infection.<\/p>\n

A simulated case\u00a0study is given that demonstrates the viability of the proposed attack path\u00a0reconstruction technique.<\/p>\n

[A Novel methodology for Malware Intrusion Attack Path Reconstruction<\/a>\u00a0Paper].<\/p>\n","protected":false},"excerpt":{"rendered":"

When a malware outbreak happens in an organization, one of the main questions that needs to be investigated is how the malware got in. It is important to get an answer to this question to identify and close the exploited technical and\/or human vulnerabilities. This paper proposes a\u00a0method for malware intrusion path reconstruction in a […]<\/p>\n","protected":false},"author":5,"featured_media":483,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,34],"tags":[],"class_list":["post-342","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-analysis","category-dfire-publications"],"_links":{"self":[{"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=\/wp\/v2\/posts\/342"}],"collection":[{"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=342"}],"version-history":[{"count":39,"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=\/wp\/v2\/posts\/342\/revisions"}],"predecessor-version":[{"id":844,"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=\/wp\/v2\/posts\/342\/revisions\/844"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=\/wp\/v2\/media\/483"}],"wp:attachment":[{"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dfire.ucd.ie\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}