A large-scale zero-day worm simulator for cyber-epidemiological analysis

Tidy, Luc, Woodhead, Steve and Wetherall, Jodie ORCID: 0000-0002-4786-5824 (2013) A large-scale zero-day worm simulator for cyber-epidemiological analysis. In: International Conference On Advances In Computer Science And Electronics Engineering - CSEE 2013. Institute of Research Engineers and Doctors (IRED), Santa Barbara, CA, USA, pp. 230-234. ISBN 978-981-07-5461-7 (doi:https://doi.org/10.3850/978-981-07-5461-7_45)

Full text not available from this repository.

Abstract

The cost of a single zero-day network worm outbreak has been estimated at US$2.6 billion. Additionally, zero-day worm outbreaks have been observed to spread at a significant pace across the global Internet, with an observed infection proportion of more than 90 percent of vulnerable hosts within 10 minutes. The threat posed by such fast-spreading malware is therefore significant, particularly given that network operator / administrator intervention is not likely to take effect within the typical epidemiological timescale of such infections. Simulation systems are an accepted tool for researching the threat presented by zero-day worms. However, when considering zero-day worm outbreaks on the Internet, there are persistent issues of scale and fidelity. The Internet Worm Simulator (IWS) reported in this paper is designed to address these issues by presenting a novel simulation method that, on a single workstation, can simulate an entire IPv4 address space on a node-by-node basis. Being able to simulate such a large-scale network enables the further analysis of characteristics identified from worm analysis. As IWS does not rely on mathematical approximation, the epidemiological attributes identified from real-world data can be tested for zero-day worm outbreaks on the Internet. Experimentation indicates that IWS is able to accurately simulate two previous zero-day worm outbreaks and to corroborate their reported characteristics. It is intended that, in future, IWS may be used to aid both in the analysis of previous worm outbreaks and the testing of hypothetical zero-day worm outbreak scenarios.

Item Type: Conference Proceedings
Title of Proceedings: International Conference On Advances In Computer Science And Electronics Engineering - CSEE 2013
Uncontrolled Keywords: cyber defence, malware, network worm, simulation, zero-day worm
Subjects: T Technology > T Technology (General)
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science > Internet Security Research Laboratory
Last Modified: 19 Oct 2016 08:31
URI: http://gala.gre.ac.uk/id/eprint/9708