A General Methodology for Deriving Network Propagation Models of Computer Worms

Published: February 14, 2019


Shuvo Bardhan, Douglas C. Montgomery, James J. Filliben, Nathanael A. Heckert


Externally-launched computer worms which maliciously propagate within networks are one of the most serious and dangerous security threats facing the commercial, political, military, and research community today. With an eye to the ultimate goal of detection and prevention of such worms, this paper addresses the preliminary step of constructing a predictive model for worm propagation. For this model we have chosen 3 fundamental factors known to affect worm propagation: size of the network IP space, proportion of the IP space with susceptible hosts, and rate at which an infected host scans other vulnerable hosts. This paper presents in detail the methodology (simulator construction + data generation + 2 sequential fitting steps) for constructing similar such general models; this methodology will have application across a variety f worm modeling scenarios. For demonstration purposes (and with no loss of generality), we apply this methodology to a 3-factor Class B network and derive a high quality (error < 4%) predictive model across the 3 factors and across the entire iterative life of the worm. Further for this example, this paper presents a worm propagation sensitivity analysis which provides valuable insight into the most important factors and interactions affecting worm propagation speed.
Citation: Technical Note (NIST TN) - 2035
Report Number:
NIST Pub Series: Technical Note (NIST TN)
Pub Type: NIST Pubs


Networking, Computer Network, Network Propagation Models, Propagation Methodology, Sensitivity Analysis, Experiment Design, Predictive Models, Worm Modeling.
Created February 14, 2019, Updated February 14, 2019