Skip to Main Content
Abstract modeling, such as using epidemic models, has been the general method of choice for understanding and analyzing the high-level effects of worms. However, high-fidelity models, such as packet-level models, are indispensable for moving beyond aggregate effects, to capture finer nuances and complexities associated with known and future worms in realistic network environments. We first identify the spectrum of available alternatives for worm modeling, and classify them according to their scalability and fidelity. Among them, we focus on three high-fidelity methods for modeling worms, and study their effectiveness with respect to scalability. Employing these methods, we are then able to, respectively, achieve some of the largest packet-level simulations of worm models to date; implant and attack actual worm monitoring/defense installations inside large simulated networks; and identify a workaround for real-time requirement that fundamentally constrains worm modeling at the highest fidelity levels.