Difficulties in simulating the internet
IEEE/ACM Transactions on Networking (TON)
Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
IEEE Security and Privacy
Proceedings of the 2003 ACM workshop on Rapid malcode
Proceedings of the 2005 ACM workshop on Rapid malcode
Simulating non-scanning worms on peer-to-peer networks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Visual toolkit for network security experiment specification and data analysis
Proceedings of the 3rd international workshop on Visualization for computer security
A realistic simulation of internet-scale events
valuetools '06 Proceedings of the 1st international conference on Performance evaluation methodolgies and tools
Peer to peer networks for defense against internet worms
Interperf '06 Proceedings from the 2006 workshop on Interdisciplinary systems approach in performance evaluation and design of computer & communications sytems
Path preserving scale down for validation of internet inter-domain routing protocols
Proceedings of the 38th conference on Winter simulation
Analyzing cooperative containment of fast scanning worms
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
An Automated Signature-Based Approach against Polymorphic Internet Worms
IEEE Transactions on Parallel and Distributed Systems
DAW: A Distributed Antiworm System
IEEE Transactions on Parallel and Distributed Systems
Evaluation of collaborative worm containment on the DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
A model of the spread of randomly scanning Internet worms that saturate access links
ACM Transactions on Modeling and Computer Simulation (TOMACS)
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Correcting congestion-based error in network telescope's observations of worm dynamics
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
A distributed framework for passive worm detection and throttling in P2P networks
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
Defending against the propagation of active worms
The Journal of Supercomputing
Tools for worm experimentation on the DETER testbed
International Journal of Communication Networks and Distributed Systems
Inside the permutation-scanning worms: propagation modeling and analysis
IEEE/ACM Transactions on Networking (TON)
The science of cyber security experimentation: the DETER project
Proceedings of the 27th Annual Computer Security Applications Conference
Toward a framework for forensic analysis of scanning worms
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Coupled kermack-mckendrick models for randomly scanning and bandwidth-saturating internet worms
QoS-IP'05 Proceedings of the Third international conference on Quality of Service in Multiservice IP Networks
Toward early warning against Internet worms based on critical-sized networks
Security and Communication Networks
Flow-based partitioning of network testbed experiments
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
A major challenge when attempting to analyze and model large-scale Internet phenomena such as the dynamics of global worm propagation is finding appropriate abstractions that allow us to tractably grapple with size of the artifact while still capturing its most salient properties. We present initial results from investigating "scaledown" techniques for approximating global Internet worm dynamics by shrinking the effective size of the network under study. We explore scaledown in the context of both simulation and analysis, using as a calibration touchstone an attempt to reproduce the empirically observed behavior of the Slammer worm, which exhibited a peculiar decline in average per-worm scanning rate not seen in other worms (except for the later Witty worm, which exhibited similar propagation dynamics). We develop a series of abstract models approximating Slammer's Internet propagation and demonstrate that such modeling appears to require incorporating both heterogeneous clustering of infectibles and heterogeneous access-link bandwidths connecting those clusters to the Internet core. We demonstrate the viability of scaledown but also explore two important artifacts it introduces: heightened variability of results, and biasing the worm towards earlier propagation.