Reproducing the effects of large-scale worm attacks in a laboratory setup in a realistic and reproducible manner is an important issue for the development of worm detection and defense systems. In this paper, we describe a worm simulation model we are developing to accurately model the large-scale spread dynamics of a worm and many aspects of its detailed effects on the network. We can model slow or fast worms with realistic scan rates on realistic IP address spaces and selectively model local detailed network behavior. We show how it can be used to generate realistic input traffic for a working prototype worm detection and tracking system, the Dartmouth ICMP BCC: System/Tracking and Fusion Engine (DIB:S/TRAFEN), allowing performance evaluation of the system under realistic conditions. Thus, we can answer important design questions relating to necessary detector coverage and noise filtering without deploying and operating a full system. Our experiments indicate that the tracking algorithms currently implemented in the DIB:S/TRAFEN system could detect attacks such as Code Red v2 and Sapphire/Slammer very early, even when monitoring a quite limited portion of the address space, but more sophisticated algorithms are being constructed to reduce the risk of false positives in the presence of significant "background noise" scanning.