A Virtualized Network Testbed for Zero-Day Worm Analysis and Countermeasure Testing

Shahzad, Khurram; Woodhead, Steve; Bakalis, Panos

doi:10.1007/978-3-642-40597-6_5

Cited by 5 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Virtualisation systems provide speed performance which is better than emulation systems because the guest hosts can directly access the physical host hardware [13]. Some existing virtualised testbeds include V-NetLab [14], ViSe [15], vGround [16] and VMT [17]. V-NetLab utilizes network virtualisation at the data-link layer in order to allow for the re-use of the same set of IP addresses in different virtual networks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

The V-network testbed for malware analysis

Ahmad¹,

Woodhead²,

Gan

2016

2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

Self Cite

View full text Add to dashboard Cite

Abstract-This paper presents a virtualised network environment that serves as a stable and re-usable platform for the analysis of malware propagation. The platform, which has been developed using VMware virtualisation technology, enables the use of either a graphical user interface or scripts to create virtual networks, clone, restart and take snapshots of virtual machines, reset experiments, clean virtual machines and manage the entire infrastructure remotely. The virtualised environment uses open source routing software to support the deployment of intrusion detection systems and other malware attack sensors, and is therefore suitable for evaluating countermeasure systems before deployment on live networks. An empirical analysis of network worm propagation has been conducted using worm outbreak experiments on Class A size networks to demonstrate the capability of the developed platform.

show abstract

Section: Related Workmentioning

confidence: 99%

“…This enables the development of multiple sessions of different worm experiments quickly, contrary to VMT [17] that used a substantially manual method.…”

Section: V-network a Designmentioning

confidence: 99%

The V-network testbed for malware analysis

Ahmad¹,

Woodhead²,

Gan

2016

2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT)

Self Cite

View full text Add to dashboard Cite

show abstract

“…But, as far as the authors of this paper are aware, no previous published work except [2] (which reports Slammer worm outbreak), has presented an infection and propagation analysis of any fast random scanning worm, Hit-list or Flash worm in a real isolated network with real worm outbreak conditions; which forms basis of this research work.…”

Section: A Empicircal Analysis Of Zero-day Wormsmentioning

confidence: 99%

“…The key characteristics possessed by worms are; a rapid rate of propagation, ability to self-replicate and increased sophistication of worm's code, which have made them highly infectious and capable of causing a denial of service attack on the internet as in the case of SQL Slammer outbreak. The SQL Slammer worm is considered to be the fastest randomscanning worm in the history as it has achieved its full aggregate scanning rate, of over 55 million scans per seconds, only after 3 minutes of its release [1], while infecting 90% of susceptible machines within 10 minutes [1,2]. Although, it did not contain any malicious payload, the traffic it has generated created halted parts of internet by causing a denialof-service attack.…”

Section: Introductionmentioning

confidence: 99%

A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing

Shahzad

Woodhead

2014

Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)

Self Cite

View full text Add to dashboard Cite

Abstract-The cyber epidemiological analysis of computer worms has emerged a key area of research in the field of cyber security. In order to understand the epidemiology of computer worms; a network daemon is required to empirically observe their infection and propagation behavior. The same facility can also be employed in testing candidate worm countermeasures. In this paper, we present the architecture and design of PseudoWorm Daemon; termed (PWD), which is designed to perform true random scanning and hit-list worm like functionality. The PWD is implemented as a proof-of-concept in C programming language. The PWD is platform independent and can be deployed on any host in an enterprise network. The novelty of this worm daemon includes; its UDP based propagation, a userconfigurable random scanning pool, ability to contain a user defined hit-list, authentication before infecting susceptible hosts and efficient logging of time of infection. Furthermore, this paper presents experimentation and analysis of a Pseudo-Witty worm by employing the PWD with real Witty worm outbreak attributes.The results obtained by Pseudo-Witty worm outbreak are quite comparable to real Witty worm outbreak; which are further quantified by using the Susceptible Infected (SI) model.

show abstract

Empirical Analysis of Rate Limiting + Leap Ahead (RL+LA) Countermeasure against Witty Worm

Shahzad

Woodhead

2015

2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable,

View full text Add to dashboard Cite

A Virtualized Network Testbed for Zero-Day Worm Analysis and Countermeasure Testing

Cited by 5 publications

References 14 publications

The V-network testbed for malware analysis

The V-network testbed for malware analysis

A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing

Empirical Analysis of Rate Limiting + Leap Ahead (RL+LA) Countermeasure against Witty Worm

Contact Info

Product

Resources

About