Modeling malcode with Hephaestus: beyond simple spread

  • Authors:
  • Attila Ondi; Richard Ford

  • Affiliations:
  • Florida Institute of Technology, Melbourne, FL; Florida Institute of Technology, Melbourne, FL

  • Venue:
  • ACM-SE 45 Proceedings of the 45th annual southeast regional conference
  • Year:
  • 2007

Abstract

Realistic modeling of worm spread is crucial if we wish to predict the real-world efficacy of different worm counter-measures. Ideally, such modeling should be able to handle different types of malcode, multiple defenses, and realistic network topologies and limitations. Due to the complexity of the interactions between entities in the network, accurate analytical solutions are extremely difficult to derive. A more tractable approach to the problem is Monte-Carlo simulation. Most such simulators are custom-built to simulate the spread of a particular worm and are not easily extendible to other malcode or topology simulations. While general-purpose simulators, like GTNetS or ns2, are capable of simulating arbitrary network topologies and actors, they are too granular for our purposes and therefore too CPU-intensive for large network simulation. To overcome these limitations, we designed Hephaestus, a simulator which is capable of simulating arbitrary network and application topologies and custom actors. We validate our simulator by modeling the well-known spread of the Code-Red I v2 worm. Finally, we conclude by discussing the potential for future work based upon our simulator.