A drawback of current anti-virus simulations: the need for background traffic

Authors:
Attila Ondi
Affiliations:
Florida Institute of Technology, Melbourne, FL
Venue:
Proceedings of the 44th annual Southeast regional conference
Year:
2006

Citing 10
Cited 1

Generating representative Web workloads for network and server performance evaluation

SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
Modeling the Global Internet

Computing in Science and Engineering
An Empirical Model of HTTP Network Traffic

INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
The Georgia Tech Network Simulator

MoMeTools '03 Proceedings of the ACM SIGCOMM workshop on Models, methods and tools for reproducible network research
Simulating realistic network worm traffic for worm warning system design and testing

Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense

Proceedings of the 2003 ACM workshop on Rapid malcode
Generating realistic workloads for network intrusion detection systems

WOSP '04 Proceedings of the 4th international workshop on Software and performance
Polygraph: Automatically Generating Signatures for Polymorphic Worms

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Creating models of internet background traffic suitable for use in evaluating network intrusion detection systems

Creating models of internet background traffic suitable for use in evaluating network intrusion detection systems
Autograph: toward automated, distributed worm signature detection

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Modeling malcode with Hephaestus: beyond simple spread

ACM-SE 45 Proceedings of the 45th annual southeast regional conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although the most basic simulations of worm spread require the simulation of only the traffic generated by the malcode, when modeling the effects of antiworm techniques the results can be misleading if the background traffic is not taken into consideration. Despite the need for background traffic, no anti-worm simulation to date incorporates general traffic in the model.In this work I introduce a simple model of background traffic generation for arbitrary size networks. My approach builds on a traffic generation model for security testing and is validated against the predictions of the base model.