Worm origin identification and propagation path reconstruction are among the
essential problems in digital forensics. Until now, several methods have been
proposed for this purpose. However, evaluating these methods is a big challenge
because there are no suitable datasets containing both normal background
traffic and worm traffic to evaluate these methods. In this paper, we
investigate different methods of generating such datasets and suggest a
technique for this purpose. ReaSE is a tool for the creation of realistic
simulation environments. However, it needs some modifications to be suitable
for generating the datasets. So we make required modifications to it. Then, we
generate several datasets for Slammer, Code Red I, Code Red II and modified
versions of these worms in different scenarios using our technique and make
them publicly available.

By admin