Design of Actor based Worm Modeling System Using DML

Typical worm simulators analyze and model specific worm to simulate the worm's propagation effect. But those simulators are hard to simulate the variants of the worm and other worms that have different features. In this paper, we attempt to construct a worm taxonomy based on five steps; target discovery, vulnerability exploit, code transfer, activation and payload execution. Each step is composed of several actions called actors. Actor can be explained as a unit function module of a worm. By dividing a worm's propagation cycle into five steps, a worm can be expressed with several actors which belong to each step. To simulate a worm with SSFNet, simulation model must be expressed with DML code. DML is used to describe the network model for SSFNet. In this paper, we describe blaster worm and sasser worm with our proposed actors using DML code.

[1]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[2]  Jeffrey O. Kephart,et al.  Directed-graph epidemiological models of computer viruses , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Jeffrey O. Kephart,et al.  Measuring and modeling computer virus prevalence , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.