{"id":"https://openalex.org/W2958435858","doi":"https://doi.org/10.1109/isdfs.2019.8757544","title":"A four-step method for investigating network worm propagation","display_name":"A four-step method for investigating network worm propagation","publication_year":2019,"publication_date":"2019-06-01","ids":{"openalex":"https://openalex.org/W2958435858","doi":"https://doi.org/10.1109/isdfs.2019.8757544","mag":"2958435858"},"language":"en","primary_location":{"id":"doi:10.1109/isdfs.2019.8757544","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs.2019.8757544","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017027330","display_name":"Tala Tafazzoli","orcid":"https://orcid.org/0000-0001-6206-4972"},"institutions":[{"id":"https://openalex.org/I4210102178","display_name":"ICT Research Institute","ror":"https://ror.org/01a3g2z22","country_code":"IR","type":"facility","lineage":["https://openalex.org/I4210102178"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Tala Tafazzoli","raw_affiliation_strings":["ICT Security Department, ICT Research Institute (ITRC), Tehran, Iran"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ICT Security Department, ICT Research Institute (ITRC), Tehran, Iran","institution_ids":["https://openalex.org/I4210102178"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101811728","display_name":"Babak Sadeghiyan","orcid":"https://orcid.org/0000-0002-5947-7570"},"institutions":[{"id":"https://openalex.org/I158248296","display_name":"Amirkabir University of Technology","ror":"https://ror.org/04gzbav43","country_code":"IR","type":"education","lineage":["https://openalex.org/I158248296"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Babak Sadeghiyan","raw_affiliation_strings":["Computer and IT Department, Amirkabir University of Technology, Tehran, Iran"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer and IT Department, Amirkabir University of Technology, Tehran, Iran","institution_ids":["https://openalex.org/I158248296"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.5579,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.69997202,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7888312339782715},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.7170246839523315},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.6056336760520935},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5886623859405518},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.5692737698554993},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.5118686556816101},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4917736351490021},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.490163654088974},{"id":"https://openalex.org/keywords/complex-network","display_name":"Complex network","score":0.46229857206344604},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.4206816554069519},{"id":"https://openalex.org/keywords/strengths-and-weaknesses","display_name":"Strengths and weaknesses","score":0.41498705744743347},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.41278165578842163},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.35797029733657837},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.33497706055641174},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3267819285392761},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2008451223373413},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.11961737275123596}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7888312339782715},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.7170246839523315},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.6056336760520935},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5886623859405518},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.5692737698554993},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.5118686556816101},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4917736351490021},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.490163654088974},{"id":"https://openalex.org/C34947359","wikidata":"https://www.wikidata.org/wiki/Q665189","display_name":"Complex network","level":2,"score":0.46229857206344604},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.4206816554069519},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.41498705744743347},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.41278165578842163},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.35797029733657837},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.33497706055641174},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3267819285392761},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2008451223373413},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.11961737275123596},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isdfs.2019.8757544","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs.2019.8757544","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W1544250839","https://openalex.org/W1595106420","https://openalex.org/W1600905319","https://openalex.org/W1966006953","https://openalex.org/W1976309217","https://openalex.org/W2031163547","https://openalex.org/W2057199594","https://openalex.org/W2095006675","https://openalex.org/W2101877806","https://openalex.org/W2110227539","https://openalex.org/W2137754263","https://openalex.org/W2141282814","https://openalex.org/W2150105124","https://openalex.org/W2258956667","https://openalex.org/W2274455420","https://openalex.org/W2288693043","https://openalex.org/W2289188741","https://openalex.org/W2360989194","https://openalex.org/W2369072273","https://openalex.org/W2479032158","https://openalex.org/W2528339895","https://openalex.org/W2730393987","https://openalex.org/W2963364606","https://openalex.org/W3105272691","https://openalex.org/W6632406976"],"related_works":["https://openalex.org/W2972427363","https://openalex.org/W2121070677","https://openalex.org/W2161391695","https://openalex.org/W4238452393","https://openalex.org/W1500698787","https://openalex.org/W188028618","https://openalex.org/W2489557937","https://openalex.org/W1970399788","https://openalex.org/W4385257722","https://openalex.org/W2111038567"],"abstract_inverted_index":{"Worm":[0],"origin":[1],"identification":[2],"and":[3,13,25,34,48,60,82,90,117,132],"propagation":[4,64,94,135],"path":[5,65,95],"reconstruction":[6],"are":[7],"important":[8],"topics":[9],"in":[10],"information":[11,17,40,101],"security":[12,43],"digital":[14],"forensics.":[15],"This":[16],"helps":[18],"forensic":[19],"investigators":[20],"to":[21,41,56,61,78,86,91,111,144],"guess":[22],"initial":[23],"suspects":[24],"do":[26],"further":[27],"investigations":[28],"on":[29],"the":[30,39,58,63,88,93,97,104,115,130,134,139],"suspicious":[31],"computers.":[32],"Network":[33],"system":[35],"administrators":[36],"also":[37,124],"use":[38,79],"identify":[42,57,87],"weaknesses":[44],"of":[45,52,66,74,121],"their":[46],"systems":[47],"networks.":[49],"The":[50,71,152],"goal":[51],"this":[53,75],"paper":[54,76],"is":[55,77],"origins":[59,89,131],"reconstruct":[62,92],"preferential":[67],"scanning":[68],"worm":[69,98],"back-in-time.":[70],"main":[72],"idea":[73],"back-to-origin":[80],"modeling":[81],"a":[83,108,149],"step-by-step":[84],"improvement,":[85],"after":[96],"outbreak":[99],"using":[100,138],"gathered":[102],"over":[103,114],"network.":[105],"We":[106,123],"construct":[107],"probabilistic":[109],"model":[110],"receive":[112],"features":[113],"network":[116],"estimate":[118],"infection":[119],"status":[120],"nodes.":[122],"developed":[125],"an":[126],"algorithm":[127],"that":[128],"identifies":[129],"reconstructs":[133],"path,":[136],"back-in-time":[137],"learned":[140],"model.":[141],"In":[142],"order":[143],"achieve":[145],"this,":[146],"we":[147],"used":[148],"4-step":[150],"method.":[151],"proposed":[153],"method":[154],"has":[155],"acceptable":[156],"accuracy.":[157]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}