Article

Experiences with worm propagation simulations

Authors:

Thomas Dübendorfer,

Bernhard Plattner,

Roman HiestandAuthors Info & Claims

WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode

Pages 34 - 41

https://doi.org/10.1145/948187.948194

Published: 27 October 2003 Publication History

Abstract

Fast Internet worms are a relatively new threat to Internet infrastructure and hosts. We discuss motivation and possibilities to study the behaviour of such worms and degrees of freedom that worm writers have. To facilitate the study of fast worms we have designed a simulator. We describe the design of this simulator and discuss practical experiences we have made with it and compare observation of past worms with simulated behaviour. One specific feature of the simulator is that the Internet model used can represent network bandwidth and latency constraints.

References

[1]

P. Barford and D. Plonka. Characteristics of Network Traffic Flow Anomalies. In ACM SIGCOMM Internet Measurement Workshop, 2001.

Digital Library

[2]

CAIDA. CAIDA Analysis of Code-Red. http://www.caida.org/analysis/security/code-red/. visited June, 2003.

[3]

CERT. CERT Advisory CA-2003-04 MS-SQL Server Worm. http://www.cert.org/advisories/CA-2003-04.html, 2003.

[4]

R. K. C. Chang. Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial. IEEE Communications Magazine, October 2002.

Digital Library

[5]

R. Danyliw and A. Householder. CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html, 2001.

[6]

DDoSVax. http://www.tik.ee.ethz.ch/~ddosvax/.

[7]

S. Floyd and V. Paxson. Difficulties in Simulating the Internet. IEEE/ACM Transactions on Networking, 2001.

Digital Library

[8]

http://www.ipv6.org/.

[9]

J. Mirkovic, J. Martin, and P. Reiher. A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms. http://www.lasr.cs.ucla.edu/ddos/ucla_tech_report_020018.pdf, 2002.

[10]

D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the slammer worm. IEEE Security and Privacy, 4(1):33--39, July 2003.

Digital Library

[11]

D. Moore, C. Shannon, and J. Brown. Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the ACM/USENIX Internet Measurement Workshop, Marseille, France, November 2002.

Digital Library

[12]

D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. In Proceedings of the 2003 IEEE Infocom Conference, San Francisco, CA, April 2003.

[13]

R. Permeh, M. Maiffret, and R. Permeh. eEye Digital Security Advisory .ida Code Red Worm. http://www.eeye.com/html/Research/Advisories/AL20010717.html, July 2001.

[14]

RFC 3513: Internet Protocol Version 6 (IPv6) Addressing Architecture.

[15]

S. Saroiu, P. K. Gummadi, and S. D. Gribble. A measurement study of peer-to-peer file sharing systems. In Proceedings of Multimedia Computing and Networking 2002 (MMCN '02), San Jose, CA, USA, January 2002.

[16]

S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in Your Spare Time. In Proc. USENIX Security Symposium, 2002.

Digital Library

[17]

A. Wagner and B. Plattner. Peer-to-peer systems as attack platform for distributed denial-of-service. In ACM SACT Workshop, Washington, DC, USA, 2002.

[18]

L. Wall, T. Christiansen, and R. L. Schwarz. Programming Perl, 2nd Edition. O'Reilly, 1996.

Digital Library

[19]

N. C. Weaver. http://www.cs.berkeley.edu/~nweaver/warhol.html, 2001.

[20]

C. C. Zou, W. Gong, and D. Towsley. Code Red Worm Propagation Modeling and Analysis. In Proceedings of the 9th ACM conference on Computer and communications security, Washington, DC, USA, November 2002.

Digital Library

Cited By

Asgari SSadeghiyan B(2020)Towards Generating Benchmark Datasets for Worm Infection Studies2020 10th International Symposium onTelecommunications (IST)10.1109/IST50524.2020.9345845(1-8)Online publication date: 15-Dec-2020
https://doi.org/10.1109/IST50524.2020.9345845
Kim KKim J(2017)A Study on the Markov Chain Based Malicious Code Threat Estimation ModelWireless Personal Communications: An International Journal10.1007/s11277-015-3018-694:3(315-329)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1007/s11277-015-3018-6
Hoque EPotharaju RNita-Rotaru CSarkar SVenkatesh S(2015)Taming epidemic outbreaks in mobile adhoc networksAd Hoc Networks10.1016/j.adhoc.2014.07.03124:PA(57-72)Online publication date: 1-Jan-2015
https://dl.acm.org/doi/10.1016/j.adhoc.2014.07.031
Show More Cited By

Index Terms

Experiences with worm propagation simulations

Recommendations

Enhancing SWORD to Detect Zero-Day-Worm-Infected Hosts

Once a host is infected by an Internet worm, prompt action must be taken before that host does more harm to its local network and the rest of the Internet. It is therefore critical to quickly detect that a worm has infected a host. In this paper, we ...
Hybrid modeling for large-scale worm propagation simulations
ISI'06: Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics

Internet becomes more and more popular, and most companies and institutes use web services for e-business and many other purposes. As results, Internet and web services become core infrastructure for a company or an institute. With the explosion of ...
Characterising heterogeneity in vulnerable hosts on worm propagation

Worm propagation models are important for understanding worm dynamics and designing effective and efficient detection and defence systems. The existing models, however, ignore the heterogeneity in vulnerable hosts and assume that the worm-scanning rate ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode

October 2003

92 pages

ISBN:1581137850

DOI:10.1145/948187

General Chair:
Stuart Staniford
Silicon Defense
,
Program Chair:
Stefan Savage
University of California, San Diego

Copyright © 2003 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS03

Sponsor:

CCS03: Tenth ACM Conference on Computer and Communications Security 2003

October 27, 2003

DC, Washington, USA

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

56
Total Citations
View Citations
1,246
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Asgari SSadeghiyan B(2020)Towards Generating Benchmark Datasets for Worm Infection Studies2020 10th International Symposium onTelecommunications (IST)10.1109/IST50524.2020.9345845(1-8)Online publication date: 15-Dec-2020
https://doi.org/10.1109/IST50524.2020.9345845
Kim KKim J(2017)A Study on the Markov Chain Based Malicious Code Threat Estimation ModelWireless Personal Communications: An International Journal10.1007/s11277-015-3018-694:3(315-329)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1007/s11277-015-3018-6
Hoque EPotharaju RNita-Rotaru CSarkar SVenkatesh S(2015)Taming epidemic outbreaks in mobile adhoc networksAd Hoc Networks10.1016/j.adhoc.2014.07.03124:PA(57-72)Online publication date: 1-Jan-2015
https://dl.acm.org/doi/10.1016/j.adhoc.2014.07.031
Kotenko IShorov A(2015)Simulation of Bio-inspired Security Mechanisms against Network Infrastructure AttacksIntelligent Distributed Computing VIII10.1007/978-3-319-10422-5_14(127-133)Online publication date: 2015
https://doi.org/10.1007/978-3-319-10422-5_14
Wang YWang J(2014)Research on Simulation of Internet WormsAdvanced Materials Research10.4028/www.scientific.net/AMR.1030-1032.17921030-1032(1792-1795)Online publication date: Sep-2014
https://doi.org/10.4028/www.scientific.net/AMR.1030-1032.1792
Mezzour GCarley K(2014)Spam diffusion in a social network initiated by hacked e-mail accountsInternational Journal of Security and Networks10.1504/IJSN.2014.0657099:3(144-153)Online publication date: 1-Nov-2014
https://dl.acm.org/doi/10.1504/IJSN.2014.065709
Król DBudka MMusial K(2014)Simulating the Information Diffusion Process in Complex Networks Using Push and Pull StrategiesProceedings of the 2014 European Network Intelligence Conference10.1109/ENIC.2014.22(1-8)Online publication date: 29-Sep-2014
https://dl.acm.org/doi/10.1109/ENIC.2014.22
Leszczyna RFovino I(2013)Evaluating Security and Resilience of Critical Networked Infrastructures after StuxnetCritical Information Infrastructure Protection and Resilience in the ICT Sector10.4018/978-1-4666-2964-6.ch012(242-256)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-2964-6.ch012
Konovalov AKotenko IShorov A(2013)Simulation-based study of botnets and defense mechanisms against themJournal of Computer and Systems Sciences International10.1134/S106423071206004452:1(43-65)Online publication date: 1-Jan-2013
https://dl.acm.org/doi/10.1134/S1064230712060044
Leszczyna R(2013)Agents in Simulation of Cyberattacks to Evaluate Security of Critical InfrastructuresMultiagent Systems and Applications10.1007/978-3-642-33323-1_6(129-146)Online publication date: 2013
https://doi.org/10.1007/978-3-642-33323-1_6
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents