With the growth of critical worm threats, many researchers have studied worm-related topics and internet anomalies. The researches
are mainly concentrated on worm propagation and detection more than the fundamental characteristics of worms. It is very important
to know worms’ characteristics because the characteristics provide basic resource for worm prevention. Unfortunately, this
kind of research cases are very few until now. Moreover the existing researches only focus on understanding the function structure
of the worm propagation or the taxonomy of the worm according to a sequence of worm attacks. Thus, in this paper, we try to
confirm the formalized pattern of the worm action from the existing researches and analyze the report of the anti-virus companies.
Finally, we define the formalized actions based on temporal behaviors and worm packet flows, and we apply our proposed method
for the new worm classification.
Keywords taxonomy of worm - temporal behavior - worm packet flows - ubiquitous security
This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology
Research Center) support program supervised by the IITA(Institute of Information Technology Assessment).