Article

Distributed Worm Simulation with a Realistic Internet Model

Authors:

Jelena Mirkovic,

Martin SwanyAuthors Info & Claims

PADS '05: Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation

Pages 71 - 79

https://doi.org/10.1109/PADS.2005.7

Published: 01 June 2005 Publication History

Abstract

Internet worm spread is a phenomenon involving millions of hosts, who interact in complex and diverse environment. Scanning speed of each infected host depends on its resources and the defenses at work in its network. Aggressive worms further interact with the underlying Internet topology .. the dynamics of the spread is constrained by the limited bandwidth of network links, and high-volume scan traffic leads to BGP router failure thus affecting global routing. Worm traffic also interacts with legitimate background traffic competing for (and often winning) the limited bandwidth resources. To faithfully simulate worm spread and other Internet-wide events such as DDoS, flash crowds and spam we need a detailed Internet model, a packet-level simulation of relevant event features, and a realistic model of background traffic on the whole Internet. The memory and CPU requirements of such simulation exceed a single machineýs resources, creating a need for distributed simulation. We propose a design and present implementation of a distributed worm simulator, called PAWS. PAWS runs on Emulab testbed, which facilitates its use by other researchers. We validate PAWS in a variety of scenarios, and evaluate costs and benefits of distributed worm simulation.

References

[1]

{1} B. White, J. Lepreau, L. Stoller, R. Ricci, S. Guruprasad, M. Newbold, M. Hibler, C. Barb, and A. Joglekar, "An Integrated Experimental Environment for Distributed Systems and Networks," OSDI 2002.

Digital Library

[2]

{2} S. Floyd and V. Paxson, "Difficulties in Simulating the Internet," IEEE/ACM Transactions on Networking, Vol.9, No.4, pp. 392-403, August, 2001.

Digital Library

[3]

{3} University of Oregon Route Views Project, http://www.RouteViews.org

[4]

{4} H. Chang, S. Jamin, W. Willinger, "On Inferring AS-level connectivity from BGP Routing Tables," Proceedings of SPIE ITCom 2001.

[5]

{5} B. Cheswick and H. Burch, "The Internet Mapping Project," http://research.lumeta.com/ches/map/

[6]

{6} H. Tangmunarunkit, R. Govindan, S. Jamin, S. Shenker, W. Willinger, "Network Topology Generator: Degree-Based vs. Structural, Proceedings of SIGCOMM 2002.

Digital Library

[7]

{7} D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, "Inside the Slammer Worm," Security and Privacy, 1(4):33-39, July 2003.

Digital Library

[8]

{8} Ningning Hu, Li Erran Li, Zhuoqing Morley Mao, Peter Steenkiste, Jia Wang, "Locating Internet Bottlenecks: Algorithms, Measurements, and Implications," Proceedings of SIGCOMM 2004.

Digital Library

[9]

{9} K.S. Perumalla, S. Sundaragopalan, "High-Fidelity Modeling of Computer Network Worms," Annual Computer Security Applications Conference (ACSAC), December 2004.

Digital Library

[10]

{10} M. Liljenstam, Y. Yuan, B. J. Premore, "A Mixed Abstraction Level Simulation Model of Large-scale Internet Worm Infestations," International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS 2002).

Digital Library

[11]

{11} M. Liljenstam, D. Nicol, V. Berk, and R. Gray, "Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing," Proceedings of the 2003 ACM Workshop on Rapid Malcode (WORM 2003).

Digital Library

[12]

{12} A. Wagner, T. Dübendorfer, B. Plattner and R. Hiestand, "Experiences with Worm Propagation Simulations," In Proceedings of the 2003 ACM Workshop on Rapid Malcode, 2003.

Digital Library

[13]

{13} D. Moore, C. Shannon, G. M. Voelker and S. Savage, "Internet Quarantine: Requirements for Containing Self-Propagating Code," INFOCOM, 2003.

[14]

{14} S. Staniford, V. Paxson and N. Weaver, "How to Own the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002.

Digital Library

[15]

{15} C. C. Zou, W. Gong and D. Towsley, "Code Red Worm Propagation Modeling and Analysis," In Proceedings of the 9th ACM conference on Computer and communications security, 2002.

Digital Library

[16]

{16} Z. Shen, L. Gao and K. Kwiat, "Modeling the Spread of Active Worms," In Proceedings of INFOCOM 2003.

[17]

{17} J.O. Kephart and S.R. White, "Measuring and Modeling Computer Virus Prevalence," Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1993.

Digital Library

[18]

{18} C. C. Zou, W. Gong, D. Towsley and L. Gao, "Monitoring and Early Detection for Internet Worms," In Proceedings of 10th ACM Conference on Computer and Communication Security, 2003.

Digital Library

[19]

{19} S. Floyd and E. Kohler, "Internet Research Needs Better Models," Proceedings of Hotnets-I. October 2002.

[20]

{20} M. Dodge, "An Atlas of Cyberspaces," http://www. cybergeography.org/atlas/more_isp_maps.html.

[21]

{21} R. Haynal, "Major Internet Backbone MAPs," http:// navigators.com/isp.html.

[22]

{22} F. Wang and L. Gao, "Inferring and Characterizing Internet Routing Policies," ACM SIGCOMM Internet Measurement Conference 2003.

Digital Library

[23]

{23} L. Gao, "On Inferring Autonomous System Relationships in the Internet," IEEE Global Internet, Nov 2000.

[24]

{24} M. Liljenstam, J. Liu, and D. Nicol, "Development of an Internet Backbone Topology for Large-Scale Network Simulations," Proceedings of 2003 Winter Simulation Conference.

Digital Library

[25]

{25} G. F. Riley, M. I. Sharif and W. Lee, "Simulating Internet Worms," Proceedings of the 12th Annual Meeting of the IEEE/ACM International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), 2004.

Digital Library

[26]

{26} R. Fujimoto, K. Perumalla, A. Park, H. Wu, M. Ammar and G. Riley, "Large-Scale Network Simulation - How Big? How Fast?," IEEE/ACM International Symposium on Modeling, Analysis and Simulation of Computer Telecommunication Systems (MASCOTS), October 2003.

[27]

{27} D. Moore, C. Shannon, J. Brown, "Code-Red: a Case Stud On the Spread and Victims of an Internet Worm," Proceedings of the Internet Measurement Workshop, 2002.

Digital Library

[28]

{28} C.C. Zou, W. Gong, D. Towsley, "Worm Propagation Modeling and Analysis under Dynamic quarantine defense," Proceeding of ACM CSS Workshop on Rapid Malcode (WORM'03), October 2003.

Digital Library

Cited By

Puzis RTubi MElovici YGlezer CDolev S(2011)A Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale NetworksACM Transactions on Modeling and Computer Simulation10.1145/2043635.204364022:1(1-26)Online publication date: 1-Dec-2011
https://dl.acm.org/doi/10.1145/2043635.2043640
Futoransky AMiranda FOrlicki JSarraute CDalle OWainer GPerrone LStea G(2009)Simulating cyber-attacks for fun and profitProceedings of the 2nd International Conference on Simulation Tools and Techniques10.4108/ICST.SIMUTOOLS2009.5773(1-9)Online publication date: 2-Mar-2009
https://dl.acm.org/doi/10.4108/ICST.SIMUTOOLS2009.5773
Leszczyna RFovino IMasera MMolnár SHeath J(2008)MAISimProceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops10.5555/1416222.1416262(1-6)Online publication date: 3-Mar-2008
https://dl.acm.org/doi/10.5555/1416222.1416262
Show More Cited By

Index Terms

Distributed Worm Simulation with a Realistic Internet Model

Recommendations

WORM vs. WORM: preliminary study of an active counter-attack mechanism
WORM '04: Proceedings of the 2004 ACM workshop on Rapid malcode

Self-propagating computer worms have been terrorizing the Internet for the last several years. With the increasing density, inter-connectivity and bandwidth of the Internet combined with security measures that inadequately scale, worms will continue to ...
A smart IDS and response system for the internet malicious worm

In this paper, we proposed a behaviour-based intrusion detection and response system for the internet worm. The LAWS (Lambent Anti-Worm System) can detect the intruded services and influenced range automatically. Besides, it also can analyse the key ...
Simulating realistic network worm traffic for worm warning system design and testing
WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode

Reproducing the effects of large-scale worm attacks in a laboratory setup in a realistic and reproducible manner is an important issue for the development of worm detection and defense systems. In this paper, we describe a worm simulation model we are ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

PADS '05: Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation

June 2005

280 pages

ISBN:0769523838

Sponsors

SIGSIM: ACM Special Interest Group on Simulation and Modeling

Publisher

IEEE Computer Society

United States

Publication History

Published: 01 June 2005

Check for updates

Qualifiers

Article

Conference

PADS05

Sponsor:

SIGSIM

PADS05: PADS '05 - Principles of Advanced and Distributed Simulation

June 1 - 3, 2005

Acceptance Rates

PADS '05 Paper Acceptance Rate 30 of 46 submissions, 65%;

Overall Acceptance Rate 398 of 779 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
11
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Puzis RTubi MElovici YGlezer CDolev S(2011)A Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale NetworksACM Transactions on Modeling and Computer Simulation10.1145/2043635.204364022:1(1-26)Online publication date: 1-Dec-2011
https://dl.acm.org/doi/10.1145/2043635.2043640
Futoransky AMiranda FOrlicki JSarraute CDalle OWainer GPerrone LStea G(2009)Simulating cyber-attacks for fun and profitProceedings of the 2nd International Conference on Simulation Tools and Techniques10.4108/ICST.SIMUTOOLS2009.5773(1-9)Online publication date: 2-Mar-2009
https://dl.acm.org/doi/10.4108/ICST.SIMUTOOLS2009.5773
Leszczyna RFovino IMasera MMolnár SHeath J(2008)MAISimProceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops10.5555/1416222.1416262(1-6)Online publication date: 3-Mar-2008
https://dl.acm.org/doi/10.5555/1416222.1416262
Bye RSchmidt SLuther KAlbayrak SMolnár SHeath J(2008)Application-level simulation for network securityProceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops10.5555/1416222.1416260(1-10)Online publication date: 3-Mar-2008
https://dl.acm.org/doi/10.5555/1416222.1416260
Bose AShin KLevi A(2008)On capturing malware dynamics in mobile power-law networksProceedings of the 4th international conference on Security and privacy in communication netowrks10.1145/1460877.1460893(1-10)Online publication date: 22-Sep-2008
https://dl.acm.org/doi/10.1145/1460877.1460893
Ray DWard CMunteanu BBlackwell JHong XLi J(2007)Investigating the impact of real-world factors on internet worm propagationProceedings of the 3rd international conference on Information systems security10.5555/1779274.1779278(10-24)Online publication date: 16-Dec-2007
https://dl.acm.org/doi/10.5555/1779274.1779278

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents