Skip navigation

Simulation of zero-day worm epidemiology in the dynamic, heterogeneous Internet

Simulation of zero-day worm epidemiology in the dynamic, heterogeneous Internet

Tidy, Luc Jon, Woodhead, Steve and Wetherall, Jodie ORCID: 0000-0002-4786-5824 (2013) Simulation of zero-day worm epidemiology in the dynamic, heterogeneous Internet. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 12 (2). pp. 123-138. ISSN 1548-5129 (Print), 1557-380X (Online) (doi:

Full text not available from this repository. (Request a copy)


The cost of a single zero-day network worm outbreak on the global Internet has been estimated at US$2.6 billion. In addition, zero-day network worm outbreaks have been observed that spread at a significant pace across the Internet, with an observed infection proportion of more than 90% of vulnerable hosts within 10 minutes. The threat posed by such fast-spreading malware to defence systems and national security is therefore significant, particularly given the fact that network operator/administrator intervention is not likely to take effect within the typical epidemiological timescale of such infections.

An accepted technology that is used to research the security threat presented by zero-day worms is that of simulation systems; however, only a subset of these focus on the Internet and issues persist regarding how representative these are of the Internet. The design of a novel simulator developed to address these issues, the Internet Worm Simulator (IWS), is presented along with experimental results for a selection of previous worm outbreaks compared against observed, empirical data and hypothetical outbreak scenarios. Based on a finite state machine for each network host, the IWS incorporates the dynamic, heterogeneous characteristics of the Internet and, on a single workstation, is able to simulate an IPv4-sized network.

Based on the analysis presented, the authors conclude that the IWS has the capability to simulate zero-day worm epidemiology on the dynamic, heterogeneous Internet for a variety of scenarios. These include simulating previous worm outbreaks that demonstrate random-scanning and hit list behaviour, as well as hypothetical scenarios that include a large susceptible populous and stealth-like behaviour.

Item Type: Article
Uncontrolled Keywords: cyber defence, malware, network worm, simulation, zero-day worm
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Engineering (ENG)
Last Modified: 19 Sep 2019 15:37

Actions (login required)

View Item View Item