42. Worm Model

Figure: The DN-AN model.

In this chapter, we describe a scalable worm propagation model in ns, namely the detailed-network and abstract-network (DN-AN) model. It combines packet-level simulations with analytic worm spreading model. As shown in Figure 42.1, we model the Internet with two parts: detailed, and abstract part. A detailed-network could be an enterprise-network or the network run by an ISP. It simulates network connectivity and packet transmission. Users can evaluate worm detection algorithms in the detailed network. On the other hand, we abstract the rest of the Internet with a mathematical model, namely susceptible-infectious-removal (SIR) model (refer to [13] for detailed descriptions). Compared to the detailed network, we only track several state variables in the abstract world, such as the number of infected hosts. The interaction between DN and AN is through actual packet transmissions, that is, the probing traffic generated by compromised hosts in both parts.

For detailed description on DN-AN model, please refer to our draft paper. We implement the worm propagation model as applications. The source code can be found at ~ns//apps/worm.{cc,h}. There is also a sample script to illustrate the DN-AN model under ~ns//tcl/ex/worm.tcl.

Tom Henderson 2011-11-05