Skip navigation

A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing

A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing

Shahzad, Khurram and Woodhead, Steve (2014) A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing. In: Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT). Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, USA, pp. 1-6. ISBN 9781479926954 (doi:https://doi.org/10.1109/ICCCNT.2014.6963124)

[img]
Preview
PDF (AAM, of conference paper)
12819_SHAHZAD_WOODHEAD-PWD_(ICCCNT_2014_AAM_of_conference_paper).pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (523kB)

Abstract

The cyber epidemiological analysis of computer worms has emerged a key area of research in the field of cyber security. In order to understand the epidemiology of computer worms; a network daemon is required to empirically observe their infection and propagation behavior. The same facility can also be employed in testing candidate worm countermeasures. In this paper, we present the architecture and design of Pseudo-Worm Daemon; termed (PWD), which is designed to perform true random scanning and hit-list worm like functionality. The PWD is implemented as a proof-of-concept in C programming language. The PWD is platform independent and can be deployed on any host in an enterprise network. The novelty of this worm daemon includes; its UDP based propagation, a user-configurable random scanning pool, ability to contain a user defined hit-list, authentication before infecting susceptible hosts and efficient logging of time of infection. Furthermore, this paper presents experimentation and analysis of a Pseudo-Witty worm by employing the PWD with real Witty worm outbreak attributes. The results obtained by Pseudo-Witty worm outbreak are quite comparable to real Witty worm outbreak; which are further quantified by using the Susceptible Infected (SI) model.

Item Type: Conference Proceedings
Title of Proceedings: Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)
Additional Information: [1] Published in: 2014 International Conference on Computing, Communication and Networking Technologies (ICCCNT). Date of Conference: 11-13 July 2014. Conference Location : Hefei, China. [2] Article number: 6963124. [3] Copyright: (C) 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The definitive version is available at: http://dx.doi.org/10.1109/ICCCNT.2014.6963124
Uncontrolled Keywords: cyber, hit-list, scanning, witty, worm
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Related URLs:
Last Modified: 14 Oct 2016 09:30
URI: http://gala.gre.ac.uk/id/eprint/12819

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics