A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing
Shahzad, Khurram and Woodhead, Steve (2014) A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing. In: Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT). Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, USA, pp. 1-6. ISBN 9781479926954 (doi:https://doi.org/10.1109/ICCCNT.2014.6963124)
PDF (AAM, of conference paper)
12819_SHAHZAD_WOODHEAD-PWD_(ICCCNT_2014_AAM_of_conference_paper).pdf - Accepted Version. Available under License Creative Commons Attribution Non-commercial No Derivatives. (523kB)
Abstract
The cyber epidemiological analysis of computer worms has emerged as a key area of research in the field of cyber security. In order to understand the epidemiology of computer worms, a network daemon is required to empirically observe their infection and propagation behavior. The same facility can also be employed in testing candidate worm countermeasures. In this paper, we present the architecture and design of the Pseudo-Worm Daemon (PWD), which is designed to perform true random scanning and hit-list worm-like functionality. The PWD is implemented as a proof-of-concept in the C programming language. The PWD is platform independent and can be deployed on any host in an enterprise network. The novelty of this worm daemon includes its UDP-based propagation, a user-configurable random scanning pool, the ability to contain a user-defined hit-list, authentication before infecting susceptible hosts and efficient logging of time of infection. Furthermore, this paper presents experimentation and analysis of a Pseudo-Witty worm by employing the PWD with real Witty worm outbreak attributes. The results obtained from the Pseudo-Witty worm outbreak are quite comparable to the real Witty worm outbreak, and are further quantified using the Susceptible Infected (SI) model.
Item Type: | Conference Proceedings |
---|---|
Title of Proceedings: | Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT) |
Additional Information: | [1] Published in: 2014 International Conference on Computing, Communication and Networking Technologies (ICCCNT). Date of Conference: 11-13 July 2014. Conference Location: Hefei, China. [2] Article number: 6963124. [3] Copyright: (C) 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The definitive version is available at: http://dx.doi.org/10.1109/ICCCNT.2014.6963124 |
Uncontrolled Keywords: | cyber, hit-list, scanning, witty, worm |
Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science |
Last Modified: | 14 Oct 2016 09:30 |
URI: | http://gala.gre.ac.uk/id/eprint/12819 |