TNRM based Simulation of Internet Worm Propagation

Z. Hao, X. Yun, H. Zhang, X. Yu, Z. Zhang, and W. Wang (PRC)


worm, simulation, TNRM


Worm propagation is one of the most serious problems in network security. Simulation is an efficient method to study the behavior of Internet worm propagation. How to deal with the inactive IP addresses and the low simulation efficiency of routing mechanism are two major problems in simulating Internet worms. According to the characteristics of Internet worms, this paper presents Terminal Node Routing Mapping (TNRM) mechanism, which constructs mapping between terminal nodes and their superior terminal routers, and maintains it in the memory as a part of routing tables. Based on the simulation of the processes of infection packets to the inactive IP addresses as in Internet, we use TNRM on terminal routers to determine whether an IP address is active or not, so that the simulation reality is improved. TNRM is also used in routing lookups of the packets sent to or leaving the terminal nodes, in order to avoid a large amount of unnecessary routing computation and improve the simulation efficiency. Compared with PDNS, TNRM can improve about 30% of the number of events generated during the simulation of worm propagation, and reduce 75% of the simulation time.

Important Links:

Go Back