[Previous] [Index] [Next] # A Network Worm Modeling Package for SSFNet

Comments

**Download**

The SSF.App.Worm package models the spread of a network worm, such as Code Red v2 or Sapphire/Slammer, at a macroscopic level using standard epidemic models from biology. Unlike other models published in the literature, this model is integrated with a packet level simulator, SSFNet. It forms a 'two-tier' model where the large scale behavior can be modeled coarsely ('macroscopic level') and selected parts can be modeled in detail ('microscopic level'). Thus, it can for example be used to study worm interaction with the infrastructure, possible worm effects on the infrastructure and the effectiveness of mechanisms (in the infrastructure) to detect or combat worms.

Version 0.5.1 features:

- Deterministic or stochastic epidemic models (time stepped).
Models assume a worm spreading by uniform random scanning, such as
the Code Red v2 worm or the Sapphire/Slammer worm.
*Deterministic*model based on well known differential equation system ("general epidemic model" or "SIR-model") derived from result by Kermack-McKendrick.*Stochastic*model based on similar assumptions.

- Homogeneous or stratified population models:

*Homogeneous:*All susceptible hosts in the Internet form a homogeneous 'population'.*Stratified:*'Population' of susceptible hosts is stratified by AS, i.e. each AS represents a sub-population.

- Initialization choices for stratified epidemic model:

*'Uniform':*Uniform distribution of susceptibles over leaf ASes and uniform infection rate between ASes.*'Code Red':*Distribution of susceptibles based on empirical data for Code Red worm. Infection rates based on announced IP space distribution (from empirical data).

- Simple worm scan traffic model:

Models egress scans going through border router(s).*'Mean rate':*Scanning traffic modeled by simple mean scan rate flow model. (Piecewise constant flow.)

- DML configurable

- Parameters such as
- Total susceptible population (
*s_0*) - Initially infected population (
*i_0*) - Infection parameter (
*beta*)

- Total susceptible population (
- Implementation choices for
- Epidemic model (deterministic/stochastic)
- Initializer code for epidemic
- Removal function for epidemic

- Parameters such as
- Example model of a campus network with vulnerable machines operating during the Code Red v2 attack.
- Regression tests.

Planned features for future releases include:

- Extended scan traffic models.
- Connectivity feedback.
- Parallel execution support.

Comments

Filename | Size | Description | Date | ||
---|---|---|---|---|---|

worm0.4.tgz | 32879 | NWMP 0.4 | Feb 2003 | MD5 sum f4fca4de076244ddc593286471f5e0d9 | |

worm0.5.tgz | 158118 | NWMP 0.5 | Mar 2003 | MD5 sum 819481862da4d279957555716932c803 | |

worm0.5.1.tgz | 157406 | NWMP 0.5.1 | May 2003 | MD5 sum 9d0115938c182ae84c9f179bd65b0399 |

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxheaven.org aka vx.netlux.org