Security and Communication Networks

Research Article

CBR-Based Decision Support Methodology for Cybercrime Investigation: Focused on the Data-Driven Website Defacement Analysis

Table 4

Further characteristics and metadata associated with the DS and SPE cases.


	Retrieved case	Tested cases
	Case name	Notifier
	DarkSeoul (DS)	Hmei7	d3b_X	StifLer

Encoding	Windows-1252	Windows-1252	Windows-1252	ISO-8859-9
IP address	203.248.195.178	203.86.238.68	203.124.37.66	77.92.108.3
Domain	gyunggi.onnet21.com	http://www.garycheng.com	health.ajk.gov.pk	yapikimyasallari.com.tr
Date	20 Mar 2013	6 Feb 2014	4 Feb 2014	8 Jun 2013
OS	Windows	Windows	Windows	Windows
Similarity	—	0.690	0.675	0.665
Cluster	—	0	8	4

	Retrieved case	Tested cases
	Case name	Notifier
	Sony pictures Entertainment (SPE)	Oaddah	M@TRiX	EL_MuHaMMeD
Encoding	EUC-KR, EUC-CN	GB2312	GB2312	GB2312
IP address	203.131.222.102	203.124.15.55	208.29.19.8	208.116.45.34
Domain	http://www.sonypicturesstockfootage.com	http://www.hzkcgg.com	dax.digitalrom.com	digitalairstrip.net
Date	24 Nov 2014	14 Jun 2012	16 Dec 2002	18 June 2009
OS	Windows	Windows	Windows	Windows
Similarity	—	0.615	0.615	0.600
Cluster	—	7	7	7

The metadata are arranged according to the defined case vector, corresponding with the DS and SPE cases on the left side (shown in part in boldface type).