Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator
ACM Transactions on Modeling and Computer Simulation (TOMACS) - Special issue on uniform random number generation
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Proceedings of the 2005 ACM workshop on Rapid malcode
The limits of global scanning worm detectors in the presence of background noise
Proceedings of the 2005 ACM workshop on Rapid malcode
The detection of RCS worm epidemics
Proceedings of the 2005 ACM workshop on Rapid malcode
Spatial-temporal modeling of malware propagation in networks
IEEE Transactions on Neural Networks
Efficient simulation of Internet worms
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Deterministic and stochastic models for the detection of random constant scanning worms
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Modeling host-based detection and active worm containment
Proceedings of the 11th communications and networking simulation symposium
Modeling and analysis of worm defense using stochastic activity networks
SpringSim '07 Proceedings of the 2007 spring simulation multiconference - Volume 3
An integrated approach to detection of fast and slow scanning worms
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Deriving a closed-form expression for worm-scanning strategies
International Journal of Security and Networks
Toward early warning against Internet worms based on critical-sized networks
Security and Communication Networks
Simulating network cyber attacks using splitting techniques
Proceedings of the Winter Simulation Conference
Hi-index | 0.00 |
The most commonly published analytic models of Internet worm behavior use differential equations that express mean field behavior; these equations have deterministic solution. Such models necessarily suppress the expression of stochastic variance in worm behavior. Variance in real worms' behavior have a variety of sources,most particularly that due to random scanning for susceptible hosts. Variance can be explained by a model that focuses on the times of next infection (TNI), which tells us that variance in infection times is due primarily to variance in inter-infection times early in the worm's life. This regime of worm behavior is particularly relevant to simulation-based studies of worm detection mechanisms. The main contributions of this paper are to validate the infection times of the TNI model with respect to a complex scan-oriented model based on Code Red structure, and to empirically evaluate the variance in intuitive and commonly used metrics for worm detection. Our experiments show that the variance is very very high, a result which strongly suggests that evaluation of worm defense mechanisms not overlook this variance as will occur when deterministic models of worm propagation are used.