Skip navigation

A virtualised network testbed for zero-day worm analysis and countermeasure testing

A virtualised network testbed for zero-day worm analysis and countermeasure testing

Shahzad, Khurram, Woodhead, Steve and Bakalis, Panos (2013) A virtualised network testbed for zero-day worm analysis and countermeasure testing. In: Advances in Security of Information and Communication Networks: First International Conference, SecNet 2013, Cairo, Egypt, September 3-5, 2013. Proceedings. Communications in Computer and Information Science (381). Springer, Berlin Heidelberg, Germany, pp. 54-64. ISBN 978-3642405976 ISSN 1865-0929 (Print), 1865-0937 (Online) (doi:https://doi.org/10.1007/978-3-642-40597-6_5)

Full text not available from this repository. (Request a copy)

Abstract

Computer network worms are one of the most significant malware threats and have gained wide attention due to their increased virulence, speed and sophistication in successive Internet-wide outbreaks. In order to detect and defend against network worms, a safe and convenient environment is required to closely observe their infection and propagation behaviour. The same facility can also be employed in testing candidate worm countermeasures. This paper presents the design, implementation and commissioning of a novel virtualized malware testing environment, based on virtualization technologies provided by VMware and open source software. The novelty of this environment is its scalability of running virtualised hosts, high fidelity, confinement, realistic traffic generation, and efficient log file creation. This paper also presents the results of an experiment involving the launch of a Slammer-like worm on the testbed to show its propagation behaviour.

Item Type: Conference Proceedings
Title of Proceedings: Advances in Security of Information and Communication Networks: First International Conference, SecNet 2013, Cairo, Egypt, September 3-5, 2013. Proceedings
Additional Information: [1] This paper was first presented at the International Conference on Advances in Security of Information and Communication Networks, (SecNet 2013), held in Cairo, Egypt, from 3-5 September 2013. [2] ISSN: 978-3-642-40596-9 (Print); 978-3-642-40597-6 (Online).
Uncontrolled Keywords: worms, malware, slammer, testbed, virtualization, VMware
Subjects: G Geography. Anthropology. Recreation > GE Environmental Sciences
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Engineering (ENG)
Related URLs:
Last Modified: 23 Sep 2019 09:33
URI: http://gala.gre.ac.uk/id/eprint/10624

Actions (login required)

View Item View Item