A procedure is one of the most important elements that should be emphasized when handling any incident related with the cyber world. It is easily forgotten by many organizations, IT administrator and users, especially when dealing with the worms attack. Using the incident response methodology as the basis to build up the STAKCERT framework, the researchers have proposed this novel framework which helps to increase the efficiency in handling worm incident, thus facilitate the process of responding to the worm incident. The STAKCERT framework consists of 2 phases where in phase 1, a novel standard operating procedure in worm detection and analysis have been introduced. In phase 2 of the framework, the worm isolation procedure is inspired by apoptosis. Apoptosis is also known as cell programmed death borrowed from the biology term. � 2009 IEEE.

Worms have become a real threat for computer users for the past few years. Worm is more prevalent today than ever before, and both home users and system administrators need to be on the alert to protect their network or company against attacks. It is coming out so fast these days that even the most accurate scanners cannot track all of the new ones. Indeed until now there is no specific way to classify the worm. To understand the threats posed by the worms, this research had been carried out. In this paper the researchers proposed a new way to classify the worms which later is used as the basis to build up a system which is called as the EDOWA system to detect worms attack. Details on how the new worm of classification which is called as EDOWA worm classification is produced are explained in this paper. Hopefully this new worm classification can be used as the basis model to produce a system either to detect or defend organization from worms attack. � 2009 Springer Netherlands.

In this paper, a new STAKCERT worm relational model is being developed based on the evaluation of the STAKCERT worm classification using the dynamic, static and statistical analysis. A case study was conducted to evaluate the effectiveness of this STAKCERT relational model. The case study result analysis showed that the 5 main features in the relational model play an important role in identifying the vulnerability exploited, the damage caused, the expected rate of worm propagation, the chronological flows and the detection avoidance techniques used by the worms. As such, perhaps this new relational model produced can be used as the basis for organizations and end users in detecting worm incidents.

This paper presents the result of the statistical analysis on relationship between sub features in STAKCERT worm classification. The sub features of the STAKCERT worm classification in this paper were using the statistical analysis to prove the relationship between the sub features. Prior to that, the static and the dynamic analysis were conducted to identify and prove the association between the main features in STAKCERT worm classification for worm detection. There are limited ways on how the relationship between categorical data can be evaluated and Chi-Square tests and the symmetric measure are seen as the best method to be implemented. The case study presented in this paper explains in details how the Chi-Square tests are used to determine the relationship existed between the sub features and followed by the symmetric measure to quantify the strength of the relationship. This research paper is based on the integration between statistics and computer security field specifically with worm analysis. It can be used as the basis for further exploration in worm detection and isolation study.