Modeling the spread and prevention of malicious mobile code via simulation
Shirey, Christopher Brian
MetadataShow full item record
Malicious mobile code causes billions of dollars every year in damages, and that cost keeps increasing. Traditional signature-based anti-virus software is a reactive solution that can not detect fast spreading malicious code quickly enough to prevent widespread infection. If we hope to prevent widespread infection of future malicious mobile code, new prevention techniques must be developed that either stop a new infection completely, or at least limit the spread until signature-based anti-virus software can be updated. Simulators exist that model the spread of malicious mobile code, but none currently exists that can efficiently model host-based and network-based spread prevention techniques and the effect that those techniques have on the spread of the infection. This thesis presents Hephaestus, which is a new simulator framework designed to meet these requirements and be flexible enough to meet future requirements. This thesis also presents the results of four experiments: one that models spread with no prevention techniques applied, one that models the effects of a monoculture on spread, one that models the effect of lost detection, and one that shows the effects of tar pits.