A General Methodology for Deriving Network Propagation Models of Computer Worms
Shuvo Bardhan, Douglas C. Montgomery, James J. Filliben, Nathanael A. Heckert
Externally-launched computer worms which maliciously propagate within networks are one of the most serious and dangerous security threats facing the commercial, political, military, and research community today. With an eye to the ultimate goal of detection and prevention of such worms, this paper addresses the preliminary step of constructing a predictive model for worm propagation. For this model we have chosen 3 fundamental factors known to affect worm propagation: size of the network IP space, proportion of the IP space with susceptible hosts, and rate at which an infected host scans other vulnerable hosts. This paper presents in detail the methodology (simulator construction + data generation + 2 sequential fitting steps) for constructing similar such general models; this methodology will have application across a variety f worm modeling scenarios. For demonstration purposes (and with no loss of generality), we apply this methodology to a 3-factor Class B network and derive a high quality (error
, Montgomery, D.
, Filliben, J.
and Heckert, N.
A General Methodology for Deriving Network Propagation Models of Computer Worms, Technical Note (NIST TN), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.TN.2035
(Accessed May 9, 2021)