Modelling and Simulating the Propagation of Computer Worms

stract Active worms propagate across networks by employing various target discovery techniques. It is anticipated that a future active worm would employ multiple target discovery techniques simultaneously to greatly accelerate its propagation. Strategies that future active worms might employ to shorten the slow start phase in their propagation are studied. Their respective cost-effectiveness is assessed. This thesis also presents a study on modelling and simulating the propagation of Peerto- Peer (P2P) worms. Motivated by the aspiration to invent an easy-to-employ instrument for research on the propagation of P2P worms, I model the propagation processes of P2P worms by difference equations of logic matrix, which are essentially discrete-time deterministic propagation models of P2P worms. To the best of my knowledge, I am the first using logic matrix in network security research. The instrument’s ease of employment, which is demonstrated by its applications in our simulation experiments, makes it an attractive tool to conduct research on the propagation of P2P worms. The major contributions in this thesis are firstly, the combination of target discovery techniques that can best accelerate propagation of active worms was suggested; secondly, strategies to shorten an active worm’s slow start phase in its propagation were assessed based on a cost and benefit analysis; thirdly, I proposed a novel logic matrix approach to modelling the propagation of P2P worms; and fourthly, I found the impacts of the two different topologies on a P2P worm’s attack performance, and compared the effects of two different quarantine tactics.