Comparative Performance of a Parallel Implementation of an Internet-Scale Zero-Day Worm Epidemiology Simulator

Abstract

The threat posed by fast-spreading malware is significant, particularly given the fact that network operator/administrator intervention is not likely to take effect within the typical epidemiological timescale of such infections. The cost of zero-day network worm outbreaks has been estimated to be up to US $2.6 billion for a single worm outbreak. Zero-day network worm outbreaks have been observed that spread at a significant pace across the global Internet, with an observed rate of reaching more than 90 percent of vulnerable hosts within 10 minutes. An accepted technology that is used in addressing the security threat presented by zero-day worms is the use of simulation systems, and a common factor determining their efficacy is their performance. An empirical comparison of a sequential and parallel implementation of a novel simulator, the Internet Worm Simulator (IWS), is presented detailing the impact of a selection of parameters on its performance. Experimentation demonstrates that IWS has the capability to simulate up to 91.8 million packets transmitted per second (PTS) for an IPv4 address space simulation on a single workstation computer, comparing favourably to previously reported metrics. It is concluded that in addition to comparing PTS performance, simulation requirements should be taken into consideration when assessing the performance of such simulators.