Home Research Personal activity Linux & Security Link

Internet Worm Propagation Simulator   ( 02/21/04)

Cliff C. Zou

In our research on Internet worm modeling, I have written two Internet worm propagation simulators. One simulator is for simulation of uniform scan worms, such as Code Red and Slammer; another is for simulation of sequential scan worms, such as Blaster. The sequential scan worm simulator assumes that vulnerable hosts are uniformly distributed in BGP routable space.

Both are high level simulators for simulating a worm's propagation in the whole Internet. I have not considered packet-level events and Internet topological effect. These simulators do not  consider human's countermeasures and congestions caused by worm scan traffic. However, you can decrease the worm's average scan rate in the codes to consider congestion effect; and you can easily modify the codes to consider simple human countermeasures, such as considering the removal of infected hosts that follows Kermack-Mckendrick epidemic model.

Both simulators are written in C language for the consideration of simulation speed. They output their simulation results into data files. I write MATLAB programs to draw figures for our papers and to use Kalman filter for early worm detection (please see our papers in CCS'02 and CCS'03).

Notes:

1. The simulators have detailed inline document (both are for 100 simulation runs). For further explanation of formulas, notations, and usage, please see our early worm detection paper in CCS'03 and our recent submitted journal version paper on early worm detection. You can see the Matlab program blasterCodeRedCompare.m to know how to extract data from output data files.

2. In both simulators, we do not use any model.  The propagation of a uniform scan worm or a sequential scan follows the simple epidemic model very well when the number of hosts in a simulation is large.

3. MATLAB is very good for data processing and for generating figures for academic paper. We have seen many papers having simulation figures with too small fonts and too thin curves, which can be easily solved by using Matlab. When you use "plot" command in matlab to draw a figure, you can then use the menu in the matlab figure window to directly edit this figure. You can add legend, change font size of labels or axis, change the thickness of curves, add text box, draw lines or arrows, add markers (circle, triangle, square, etc) on curves, change axis' labels, etc.

For me, I always first maximize the figure window, then use menu "edit"->"figure property"->"apply template" to change all font size to 20 and curve thickness to 2. In this way, the figure will have clear readable fonts and curves in my paper. You can set up this template by using menu "edit"->"figure property"->"change template". After this "apply template" step, I save the figure in Matlab figure format to prepare for future edition and then export it as a EPS color file for my Latex paper. Thus for each figure, I generate two files, one is .fig and one is .eps. (this .fig is also useful when you make Powerpoint slides)

After the "apply template" step, if I need, I can change a curve's line pattern or color, size and name of font of each individual object by first selecting this object, then using menu "edit"->"current object properties". To add readable markers on curves, I use the following command in matlab program to generate figure: t=1:15:1000; plot(t, data(t),'b--');  Then I add markers on this curve through matlab figure window (without "t", markers on one curve will squeeze together).

4. If you use Latex to write academic paper, I have written a document to introduce how to write Latex paper in Windows more conveniently than in Linux.