A large-scale zero-day worm simulator for cyber-epidemiological analysis

Tidy, Luc, Woodhead, Steve and Wetherall, Jodie (2013) A large-scale zero-day worm simulator for cyber-epidemiological analysis. International Journal Of Advances In Computer Networks And Its Security, 3 (1). pp. 69-73. ISSN 2250 - 3757

PDF
12031_TIDY_WOODHEAD_WETHERALL_(2013).pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Abstract

The cost of a single zero-day network worm outbreak has been estimated at US$2.6 billion. Additionally, zero-day worm outbreaks have been observed to spread at a significant pace across the global Internet, with an observed infection proportion of more than 90 percent of vulnerable hosts within 10 minutes. The threat posed by such fast-spreading malware is therefore significant, particularly given the fact that network operator / administrator intervention is not likely to take effect within the typical epidemiological timescale of such infections. An accepted tool that is used in researching the threat presented by zero-day worms is the use of simulation systems. However, when considering zero-day worm outbreaks on the Internet, there are persistent issues of scale and fidelity. The Internet Worm Simulator (IWS) reported in this paper is designed to address these issues by presenting a novel simulation method that, on a single workstation, can simulate an entire IPv4 address space on a node-by-node basis. Being able to simulate such a large-scale network enables the further analysis of characteristics identified from worm analysis. As IWS does not rely on mathematical approximation, the epidemiological attributes identified from real-world data can be tested for zero-day worm outbreaks on the Internet. Experimentation indicates that IWS is able to accurately simulate and corroborate with reported characteristics of two previous zero-day worm outbreaks. It is intended that, in future, IWS may be used to aid both in the analysis of previous worm outbreaks and the testing of hypothetical zero-day worm outbreak scenarios.

Item Type: Article
Additional Information: [1] International Journal of Advances in Computer Networks and Its Security, an international peer-reviewed, open access journal, aims to publish original research articles and review articles across diverse fields of Computer Networks and Its Security. All the papers published in IJCNS will be archived in SEEK Digital Library. Papers for publication are selected through a rigorous peer review process to ensure originality, timeliness, relevance and readability. All published papers are also freely available with online full-text content and a permanent worldwide weblink.
Uncontrolled Keywords: cyber defence, malware, network worm, simulation, zero-day worm
Subjects: Q Science > Q Science (General); T Technology > TA Engineering (General). Civil engineering (General)
Faculty / Department / Research Group: Faculty of Engineering & Science
Last Modified: 15 Oct 2016 15:09
Selected for GREAT 2016: None
Selected for GREAT 2017: None
Selected for GREAT 2018: None
URI: http://gala.gre.ac.uk/id/eprint/12031
