Malicious mobile code related experiments with an extensible network simulator
The automated spread of worms such as Code-Red, SQL/Slammer, and Nimda has caused costly problems for computers connected to the Internet. Even users whose machines were not vulnerable to these threats suffered a loss of productivity and experienced great frustration as connectivity and network traffic were negatively impacted during outbreaks. Although the number of new worm attacks reported in the media seems to be declining, it is vital that researchers study the effects of malicious code on the global network to understand how to defend against future threats. The system chosen for studying the spread of worms and viruses in this work was Hephaestus, a discrete-event network simulator developed during the course of this dissertation. Several experiments on self-replicating malicious computer code have been performed, including the validation of the simulator through a study of the spread of Code-Red, efficiently defending against email-based worms, and distributing policy information in an enterprise network. This dissertation reports the results of these experiments as well as a theoretical insight concerning spread metrics and how the damage caused by malicious code should be measured.