Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

A General Methodology for Deriving Network Propagation Models of Computer Worms

Published

Author(s)

Shuvo Bardhan, Douglas C. Montgomery, James J. Filliben, Nathanael A. Heckert

Abstract

Externally-launched computer worms which maliciously propagate within networks are one of the most serious and dangerous security threats facing the commercial, political, military, and research community today. With an eye to the ultimate goal of detection and prevention of such worms, this paper addresses the preliminary step of constructing a predictive model for worm propagation. For this model we have chosen 3 fundamental factors known to affect worm propagation: size of the network IP space, proportion of the IP space with susceptible hosts, and rate at which an infected host scans other vulnerable hosts. This paper presents in detail the methodology (simulator construction + data generation + 2 sequential fitting steps) for constructing similar such general models; this methodology will have application across a variety f worm modeling scenarios. For demonstration purposes (and with no loss of generality), we apply this methodology to a 3-factor Class B network and derive a high quality (error
Citation
Technical Note (NIST TN) - 2035
Report Number
2035

Keywords

Networking, Computer Network, Network Propagation Models, Propagation Methodology, Sensitivity Analysis, Experiment Design, Predictive Models, Worm Modeling.
Created February 14, 2019