CyberSim: Geographic, temporal, and organizational dynamics of malware propagation

Abstract

Cyber-infractions into a nation's strategic security envelope pose a constant and daunting challenge. We present the modular CyberSim tool, which has been developed in response to the need to realistically simulate, at a national level, software vulnerabilities and the resulting malware propagation in online social networks. The CyberSim suite (a) can generate realistic scale-free networks from a database of geo-coordinated computers to closely model social networks arising from personal and business email contacts and online communities; (b) maintains for each host a list of installed software, along with the latest published vulnerabilities; (c) allows designating initial nodes where malware gets introduced; (d) simulates, using distributed discrete event-driven technology, the spread of malware exploiting a specific vulnerability, with packet delay and user online behavior models; and (e) provides the analyst with a graphical visualization of the spread of infection, its severity, the businesses affected, etc. We present sample simulations on a national-level network with millions of computers.

Cite this paper

@article{Santhi2010CyberSimGT,
  title={CyberSim: Geographic, temporal, and organizational dynamics of malware propagation},
  author={Nandakishore Santhi and Guanhua Yan and Stephan Eidenbenz},
  journal={Proceedings of the 2010 Winter Simulation Conference},
  year={2010},
  pages={2876-2887}
}