https://doi.org/10.31979/etd.kfxs-8dsx">

Publication Date

2009

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

Abstract

This project addresses the need for an application level simulator to simulate Internet-wide phenomenon such as flash worms, botnets, Distributed Denial-of-Service attacks, etc. There are many network simulators intended for parallel and distributed simulation, but most are designed to simulate low level communication protocols such as TCP/IP. The desire to simulate rapidly spreading malware for research and teaching purposes lead us to explore the Spamulator, which was designed to simulate spam email on an Internet-wide scale. The Spamulator was developed by a team at the University of Calgary. It is a lightweight, application level simulator, which implements limited set of features of the Internet. In this project, the Spamulator is enhanced with the User Datagram Protocol (UDP) to simulate UDP worms. The modified version of the Spamulator is called the Wormulator. Wormulator tracks instantaneous network traffic, identifies and signals congestion throughout the network. The Wormulator is further enhanced with the use of POSIX threads instead of forking processes to create a distributed network of simulated servers. The resulting tool is called the “Enhanced Wormulator”. Finally, a random scanning UDP worm with behavior similar to the well known SQL Slammer worm is modeled to validate the results of our simulation. Results and data gathered from the simulation exhibit a qualitative resemblance to the realworld SQL Slammer worm. “Enhanced Wormulator”, which uses POSIX thread instead of forking a process, had a catalytic effect on the scalability factor of the simulation. The simulation was run on a network of 30,000 server nodes. Hence, we conclude that rapidly spreading malware can be effectively simulated using the Wormulator.

Share

COinS