PArallel Worm Simulator

| Overview | Publications | Download | People | Contact |

Overview

In our research on simulation of Internet worm spread, we designed and implemented a PArallel Worm Simulator, called PAWS. PAWS is a time discrete packet-level simulator. Compared with other worm modeling and simulations, PAWS replicates more details of the Internet environment and has less simplification on worm characteristics and vulnerable hosts behaviors. PAWS simulates a realistic Internet model and the background traffic load, enabling investigation of possible congestion effects and sufferings of legitimate traffic during worm spread. PAWS further supports various user-customizable parameters that enables testing of different worm characteristics, host and network diversity models.

PAWS is a distributed simulator running on multiple common PCs which are synchronized over TCP/IP network. This design feature brings PAWS not only good performance but sufficient resources to simulate worm spread in large scale with realistic details.

With the modular design, delicate implementation on Emulab Testbed, flexible and customizable configuration, and high-fidelity Internet modeling, we hope PAWS will be a useful tool for researchers of worm and other Internet-wide events.

Publications

  • S. Wei, C. Ko, J. Mirkovic, and A. Hussain, DETER Testbed’s Support for Worm Experimentation, in Proceedings of TridentCom, 2009
  • S. Wei and J. Mirkovic, A Realistic Simulation of Internet-Scale Events, in Proceedings of the VALUETOOLS Conference, 2006
  • S. Wei, J. Mirkovic, and M. Swany, Distributed Worm Simulation with a Realistic Internet Model, in Proceedings of PADS Symposium, 2005

Download

o        Standard C implementation on Emulab/DETER Testbed: paws.tgz

§         After successful compilation, two executable are generated. The program paws_server should be started first on node0 of Emulab experiment, and paws_client runs respectively on node1, node2, ......

 

  • Sample input data

§   paws_RT.dat: This file contains the routing information for the simulation. This information is partially retrieved from Route Views data. Missing routes are generated as shortest paths.

§   ASLinks.dat: This file contains all the inter-AS links with corresponding bandwidth values assigned.

§   BGPAtom2AS.dat: This file maps BGP atoms to the owner ASes.

§   IPRangeTable.dat: This file contains all the IP ranges with their owner BGP atoms and ASes.

§   Distribution-n.dat: This file splits and distributes the AS map onto n simulation machines.

People

·         Dr. Jelena Mirkovic

·         Songjie Wei

Contact

Please send comments or bug reports to Songjie Wei

[Network Security Lab]  [Computer & Information Sciences Dept]  [University of Delaware]