PArallel Worm Simulator

	PArallel Worm Simulator \| Overview \| Publications \| Download \| People \| Contact \|

Overview In our research on simulation of Internet worm spread, we designed and implemented a PArallel Worm Simulator, called PAWS. PAWS is a time discrete packet-level simulator. Compared with other worm modeling and simulations, PAWS replicates more details of the Internet environment and has less simplification on worm characteristics and vulnerable hosts behaviors. PAWS simulates a realistic Internet model and the background traffic load, enabling investigation of possible congestion effects and sufferings of legitimate traffic during worm spread. PAWS further supports various user-customizable parameters that enables testing of different worm characteristics, host and network diversity models. PAWS is a distributed simulator running on multiple common PCs which are synchronized over TCP/IP network. This design feature brings PAWS not only good performance but sufficient resources to simulate worm spread in large scale with realistic details. With the modular design, delicate implementation on Emulab Testbed, flexible and customizable configuration, and high-fidelity Internet modeling, we hope PAWS will be a useful tool for researchers of worm and other Internet-wide events.
Publications S. Wei and J. Mirkovic, A Realistic Simulation of Internet-Scale Events, Proceedings of the 2006 VALUETOOLS Conference, October 2006 S. Wei, J. Mirkovic, and M. Swany Distributed Worm Simulation with a Realistic Internet Model, Proceedings of the 2005 Symposium on Modeling and Simulation of Malware, June 2005
Download(coming soon) Standard C implementation on Emulab Testbed: paws.tar.gz After successful compilation, two executable are generated. The program paws_server should be started first on node0 of Emulab experiment, and paws_client runs respectively on node1, node2, ...... Sample input data paws_RT.dat: This file contains the routing information for the simulation. This information is partially retrieved from Route Views data. Missing routes are generated as shortest paths. ASLinks.dat: This file contains all the inter-AS links with corresponding bandwidth values assigned. BGPAtom2AS.dat: This file maps BGP atoms to the owner ASes. IPRangeTable.dat: This file contains all the IP ranges with their owner BGP atoms and ASes. Distribution-n.dat: This file splits and distributes the AS map onto n simulation machines.
People Dr. Jelena Mirkovic Songjie Wei
Contact Please send questions or bug reports to Mr. Songjie Wei
[Network Security Lab] [Computer & Information Sciences Dept] [University of Delaware]