Emulation of “single-packet” UDP Scanning Worms in Large Enterprises
Authors
Abstract
Worms are a serious threat to Internet security. Past research on worms has focused on mathematical modeling, numerical analysis, and simulation, in addition to proposed defense strategies. We believe a fine-grained, packet-level emulation of worm propagation in enterprise networks is highly beneficial for a deep understanding of worm dynamics and is a prerequisite for worm containment analysis. In this paper, we propose a virtual-node approach and an Internet scanning model to run such a worm emulation in a resource-limited testbed. The results from our validation experiments using virtual nodes and other emulation approaches show that our virtual-node approach can achieve the same level of fidelity while using far fewer testbed nodes. The insights we gained and the lessons we learned in doing worm experiments will be valuable to a variety of enterprise network worm-recreation and defense-evaluation research.
Keywords: Emulation, Simulation, Worm, Slammer, Enterprise, Virtualization, Throughput
Similar resources
New High Secure Network Steganography Method Based on Packet Length
In network steganography methods based on packet length, the length of the packets is used as a carrier for exchanging secret messages. Existing methods in this area are vulnerable against detections due to abnormal network traffic behaviors. The main goal of this paper is to propose a method which has great resistance to network traffic detections. In the first proposed method, the sender embe...
Evaluation of collaborative worm containment on the DETER testbed
The advantage of collaborative containment over independent block or address blacklisting on worm defense has been advocated in previous worm studies. In this work, we will evaluate two collaborative worm containment proposals and present some of the results of our DETER emulation experiments. In the first one, proactive worm containment (PWC), security agents block all suspicious hosts on the ...
Emulating sequential scanning worms on the DETER testbed
Internet worm security threats have increased with their more advanced scanning strategies and malicious payloads. In this article, we extend our existing KMSim worm model to account for the self-destructive or removal/death behavior of worms. The modified model is then used to simulate the Witty and Blaster worms. Also in this paper we describe our experience of running worm emulation experime...
Measurement and emulation of time varying packet delay with applications to networked haptic virtual environments
Networked haptic virtual environments (NHVEs) are increasingly being used in medical simulation, aircraft maintenance training, and other similar fields. In this paper we present the implementation of a network emulator that can create realistic Internet-like characteristics in a laboratory setting for networked haptics. We compare the quality of this delay emulator to actual measurements taken...
Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management
In this paper we explore the feasibility of mitigating network denial-of-service (NDoS) attacks (attacks that consume network bandwidth) by dynamically regulating learned classes of network traffic. Our classification technique clusters packets based on the similarity of their contents—both headers and payloads—using a variation of n-grams which we call (p, n)-grams. We then allocate shares of ...