Internet Worm Attacks and Stochastic Agent Models
Jeremy Bradley
Imperial College London, 180 Queens Gate, London SW7 2BZ, UK
Recent malicious Internet worms such as Code Red (July 2001), Nimda
(September 2001) and most recently MS Blaster (August 2003) have been
very successful in shutting down large sections of the Internet.
Nicol et al. [4] have shown that most of a worm's worst effects are
experienced by the Internet routers that link the major backbone
networks together, which are completely overwhelmed by the explosion in
particular types of Internet traffic.
Nicol et al. have taken the approach of modelling such a worm attack
using simple epidemiological models: i.e. looking at the current number
of computers that are infected, the number of computers susceptible to
infection, and those that are removed from the system due to worm
infection. These epidemiological models, once parameterised, are very
good at producing average predictions of infection growth but quite poor
when it comes to describing early-onset behaviour (especially possible
early-extinction events).
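
The gap between the averaged view and the per-host view shows up in a small simulation. The following is an added example, not part of the original project description: it assumes a susceptible/infected/removed model with constructed parameters (`N`, `BETA`, `GAMMA` and `TAKEOFF` are illustrative) and compares the mean-field prediction with event-by-event stochastic runs.

```python
import random

# Constructed parameters (assumptions, not taken from the project):
N = 10_000      # vulnerable hosts
BETA = 2.0      # successful infections per infected host per unit time
GAMMA = 1.0     # removal rate per infected host (patched or crashed)
TAKEOFF = 100   # cumulative infections at which the outbreak counts as established

def deterministic_peak(i0=1, dt=0.01, t_end=40.0):
    """Euler-integrate the mean-field SIR equations; return the peak infected count."""
    s, i = float(N - i0), float(i0)
    peak = i
    for _ in range(int(t_end / dt)):
        new_inf = BETA * s * i / N * dt
        new_rem = GAMMA * i * dt
        s, i = s - new_inf, i + new_inf - new_rem
        peak = max(peak, i)
    return peak

def agent_run(rng, i0=1):
    """One stochastic run (embedded jump chain of the SIR Markov process).
    Returns True if the worm dies out before reaching TAKEOFF infections."""
    s, i, total = N - i0, i0, i0
    while i > 0 and total < TAKEOFF:
        infect_rate = BETA * s * i / N
        remove_rate = GAMMA * i
        if rng.random() < infect_rate / (infect_rate + remove_rate):
            s, i, total = s - 1, i + 1, total + 1
        else:
            i -= 1
    return i == 0

def extinction_fraction(runs=2000, i0=1, seed=1):
    rng = random.Random(seed)
    return sum(agent_run(rng, i0) for _ in range(runs)) / runs

if __name__ == "__main__":
    print(f"deterministic peak infected: {deterministic_peak():.0f}")
    for i0 in (1, 2, 5):
        approx = (GAMMA / BETA) ** i0   # branching-process estimate (1/R0)^i0
        print(f"i0={i0}: extinct in {extinction_fraction(i0=i0):.2%} of runs "
              f"(branching estimate {approx:.2%})")
```

The mean-field model always predicts a large outbreak from a single infected host, while a substantial share of the stochastic runs die out after a handful of infections.
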
This project seeks to transfer and automate a technique, originally used
to model ant and bee colony behaviour by Sumpter, to generate and verify
macroscopic models of Internet worm infection. By building a stochastic
agent model of the worm, we will be able either to justify and explain
the use of global epidemiological models, or alternatively to suggest
modifications to the model which would better describe the worm's
infection behaviour. We also hope to shed light on crucial early-onset
behaviour which would aid enormously in being able to spot the early
stages of worm infection, even if an infection attempt has failed (i.e.
become extinct).