Abstract
This paper reports the results of our experimentation with modeling worm behavior on a large scale, fully adaptable network simulator. Our experiments focused on areas of worm scanning methods, IP address structure, and wireless links that, to the best of our knowledge, have been mostly neglected or abstracted away in prior worm simulations. Namely, our intent was to first study by direct observation of our simulations the effects of various IP scanning techniques on the effectiveness of worm spread. Second, our intent was to research the effects that having a larger IP address space (specifically a sparsely populated IP address space like that provided by Internet Protocol Version 6) would have on the effectiveness of several worms. Third, we study how the wireless media may affect the propagation of worms. In order to perform these simulations we have made use of the Georgia Institute of Technology’s network simulator, GTNetS, extending the worm classes packaged with the simulator.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Riley, G.F.: Large-scale network simulations with GTNetS. In: Proceedings of the 2003 Winter Simulation Conference (2003)
Riley, G.F., Sharif, M.I., Lee, W.: Simulating internet worms. In: Proceedings of MASCOTS (2004)
Spafford, E.: The Internet worm: Crisis and aftermath. Communications of the ACM 32(6), 678–687 (1989)
Arron, E.J.: The Nimda worm: An overview (October 2001), http://www.sans.org/rr/catindex.php?cat_id=36
Moore, D., Shannon, C., Claffy, kc.: Code-Red: A case study on the spread and victims of an Internet worm. In: Proc. ACM Internet Measurement Workshop, pp. 273–284 (2002)
Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: The spread of the Sapphire/Slammer SQL worm. CAIDA, La Jolla, CA, Tech. Rep. (2003), http://www.caida.org/analysis/security/sapphire/
Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer worm. IEEE Security and Privacy 1(4), 33–39 (2003)
Yegneswaran, V., Barford, P., Ullrich, J.: Internet intrusions: Global characteristics and prevalence. In: Proc. ACM SIGMETRICS, pp. 138–147. ACM Press, New York (2003)
Kephart, J.O., White, S.R.: Directed-graph epidemiological models of computer viruses. In: Proc. IEEE Symposium on Security and Privacy, pp. 343–361 (May 1991)
Staniford, S., Paxson, V., Weaver, N.: How to 0wn the Internet in your spare time. In: USENIX Security Symposium, USENIX, Berkeley, CA, pp. 149–167 (August 2002)
Garetto, M., Gong, W.: Modeling malware spreading dynamics. In: Proc. IEEE INFOCOM, vol. 3, pp. 1869–1879. IEEE Computer Society Press, Washington, DC (2003)
Chen, Z., Gao, L., Kwiat, K.: Modeling the spread of active worms. In: Proc. IEEE INFOCOM, pp. 1890–1900. IEEE Computer Society Press, Washington, DC (2003)
Zou, C.C., Gao, L., Gong, W., Towsley, D.: Advanced polymorphic worms: Evading IDS by blending in with normal traffic. In: Proc. Conference on Computer and Communications Security (2003)
Chen, Z., Ji, C.: A self-learning worm using importance scanning. In: Proc. Workshop on Rapid Malcode (2005)
Zou, C.C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning for Internet worms. In: Proc. Conference on Computer and Communications Security, pp. 190–199. ACM Press, New York (2003)
Sharif, M., Riley, G., Lee, W.: Comparative study between analytical models and packet-level worm simulations. In: PADS (2005)
Wei, S., Mirkovic, J., Swany, M.: Distributed worm simulations with a realistic internet model. In: PADS (2005)
Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: USENIX Security Symposium, USENIX, Berkeley, CA, pp. 29–44 (2004)
Riley, G.F., Fujimoto, R.M., Ammar, M.: A generic framework for parallelization of network simulations. In: MASCOTS. Proceedings of Seventh International Symposium of Modeling, Analysis and Simulation of Computer and Telecommunication Systems (1999)
Winick, J., Jamin, S.: Inet-3.0: Internet topology generator, http://topology.eecs.umich.edu/inet/inet-3.0.pdf
Staniford, S., Moore, D., Paxson, V., Weaver, N.: The top speed of flash worms. In: WORM 2004. Proceedings of the 2004 ACM workshop on Rapid malcode, pp. 33–42. ACM Press, New York (2004)
Rajab, M.A., Monrose, F., Terzis, A.: On the Effectiveness of Distributed Worm Monitoring. In: USENIX Security Symposium (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ray, D.A., Ward, C.B., Munteanu, B., Blackwell, J., Hong, X., Li, J. (2007). Investigating the Impact of Real-World Factors on Internet Worm Propagation. In: McDaniel, P., Gupta, S.K. (eds) Information Systems Security. ICISS 2007. Lecture Notes in Computer Science, vol 4812. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77086-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-540-77086-2_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77085-5
Online ISBN: 978-3-540-77086-2
eBook Packages: Computer ScienceComputer Science (R0)