Design of Actor based Worm Modeling System Using DML

Typical worm simulators analyze and model specific worm to simulate the worm's propagation effect. But those simulators are hard to simulate the variants of the worm and other worms that have different features. In this paper, we attempt to construct a worm taxonomy based on five steps; target discovery, vulnerability exploit, code transfer, activation and payload execution. Each step is composed of several actions called actors. Actor can be explained as a unit function module of a worm. By dividing a worm's propagation cycle into five steps, a worm can be expressed with several actors which belong to each step. To simulate a worm with SSFNet, simulation model must be expressed with DML code. DML is used to describe the network model for SSFNet. In this paper, we describe blaster worm and sasser worm with our proposed actors using DML code.

[1]  Robert K. Cunningham,et al.  A taxonomy of computer worms , 2003, WORM '03.

[2]  Tawfik Jelassi,et al.  Negotiation support systems: an overview of design issues and existing software , 1989, Decis. Support Syst..

[3]  Arvind Rangaswamy,et al.  Using Computers to Realize Joint Gains in Negotiations: Toward an , 1997 .

[4]  R. Luce,et al.  Simultaneous conjoint measurement: A new type of fundamental measurement , 1964 .

[5]  Martin Bichler,et al.  ABSolute: an intelligent decision making framework for e-sourcing , 2001, Proceedings Third International Workshop on Advanced Issues of E-Commerce and Web-Based Information Systems. WECWIS 2001.

[6]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[7]  P. Green,et al.  Conjoint Analysis in Consumer Research: Issues and Outlook , 1978 .

[8]  Gregory E. Kersten,et al.  WWW-based negotiation support: design, implementation, and use , 1999, Decis. Support Syst..

[9]  Ernest M. Thiessen,et al.  SmartSettle Described with the Montreal Taxonomy , 2003 .

[10]  Jeffrey O. Kephart,et al.  Directed-graph epidemiological models of computer viruses , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  Jeffrey O. Kephart,et al.  Measuring and modeling computer virus prevalence , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.