A procedure is one of the most important elements that should be emphasized when handling any incident related with the cyber world. It is easily forgotten by many organizations, IT administrator and users, especially when dealing with the worms attack. Using the incident response methodology as the basis to build up the STAKCERT framework, the researchers have proposed this novel framework which helps to increase the efficiency in handling worm incident, thus facilitate the process of responding to the worm incident The STAKCERT framework consists of 2 phases where in phase 1, a novel standard operating procedure in worm detection and analysis have been introduced. In phase 2 of the framework, the worm isolation procedure is inspired by apoptosis. Apoptosis is also known as cell programmed death borrowed from the biology term.

In this paper, a new STAKCERT worm relational model is being developed based on the evaluation of the STAKCERT worm classification using the dynamic, static and statistical analysis. A case study was conducted to evaluate the effectiveness of this STAKCERT relational model. The case study result analysis showed that the 5 main features in the relational model play an important role in identifying the vulnerability exploited, the damage caused, the expected rate of worm propagation, the chronological flows and the detection avoidance techniques used by the worms. As such, perhaps this new relational model produced can be used as the basis for organizations and end users in detecting worm incidents.

This paper presents the result of the statistical analysis on relationship between sub features in STAKCERT worm classification. The sub features of the STAKCERT worm classification in this paper were using the statistical analysis to prove the relationship between the sub features. Prior to that, the static and the dynamic analysis were conducted to identify and prove the association between the main features in STAKCERT worm classification for worm detection. There are limited ways on how the relationship between categorical data can be evaluated and Chi-Square tests and the symmetric measure are seen as the best method to be implemented. The case study presented in this paper explains in details how the Chi-Square tests are used to determine the relationship existed between the sub features and followed by the symmetric measure to quantify the strength of the relationship. This research paper is based on the integration between statistics and computer security field specifically with worm analysis. It can be used as the basis for further exploration in worm detection and isolation study.