Efficient simulation of Internet worms
Abstract
Simulation of Internet worms (and other malware) requires tremendous computing resources when every packet generated by the phenomena is modeled individually; on the other hand, models of worm growth based on differential equations lack the significant variability inherent in worms that sample targets randomly. This article addresses the problem with a model that focuses on times of infection. We propose a hybrid discrete-continuous model that minimizes execution time subject to an accuracy constraint on variance. We also develop an efficiently executed model of preferential random scanning and use it to investigate the sensitivity of worm propagation speed to the distribution of susceptible hosts through the network, and to the local preference probability. Finally, we propose and study two optimizations to a fluid-based simulation of scan traffic through a backbone network, observing an order-of-magnitude improvement in execution speed.
Document Details
- Document Type
- Pub Defense Publication
- Publication Date
- Apr 01, 2008
- Source ID
- 10.1145/1346325.1346326
Entities
People
- David M. Nicol
Organizations
- Defense Advanced Research Projects Agency
- Division of Computer and Network Systems
- National Science Foundation
- United States Department of Homeland Security
- University of Illinois Urbana–Champaign