Skip navigation

Simulation of zero-day worm epidemiology in the dynamic, heterogeneous Internet

Simulation of zero-day worm epidemiology in the dynamic, heterogeneous Internet

Tidy, Luc Jon, Woodhead, Steve and Wetherall, Jodie ORCID: 0000-0002-4786-5824 (2013) Simulation of zero-day worm epidemiology in the dynamic, heterogeneous Internet. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 12 (2). pp. 123-138. ISSN 1548-5129 (Print), 1557-380X (Online) (doi:10.1177/1548512913507153)

Full text not available from this repository.

Abstract

The cost of a single zero-day network worm outbreak on the global Internet has been estimated at US$2.6 billion. In addition, zero-day network worm outbreaks have been observed that spread at a significant pace across the Internet, with an observed infection proportion of more than 90% of vulnerable hosts within 10 minutes. The threat posed by such fast-spreading malware to defence systems and national security is therefore significant, particularly given the fact that network operator/administrator intervention is not likely to take effect within the typical epidemiological timescale of such infections.

An accepted technology that is used to research the security threat presented by zero-day worms is that of simulation systems; however, only a subset of these focus on the Internet and issues persist regarding how representative these are of the Internet. The design of a novel simulator developed to address these issues, the Internet Worm Simulator (IWS), is presented along with experimental results for a selection of previous worm outbreaks compared against observed, empirical data and hypothetical outbreak scenarios. Based on a finite state machine for each network host, the IWS incorporates the dynamic, heterogeneous characteristics of the Internet and, on a single workstation, is able to simulate an IPv4-sized network.

Based on the analysis presented, the authors conclude that the IWS has the capability to simulate zero-day worm epidemiology on the dynamic, heterogeneous Internet for a variety of scenarios. These include simulating previous worm outbreaks that demonstrate random-scanning and hit list behaviour, as well as hypothetical scenarios that include a large susceptible populous and stealth-like behaviour.

Item Type: Article
Uncontrolled Keywords: cyber defence, malware, network worm, simulation, zero-day worm
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Pre-2014 Departments: School of Engineering
School of Engineering > Mobile & Wireless Communications Research Laboratory
Last Modified: 14 Oct 2016 09:25
Selected for GREAT 2016: None
Selected for GREAT 2017: None
Selected for GREAT 2018: None
URI: http://gala.gre.ac.uk/id/eprint/10595

Actions (login required)

View Item View Item