2006 | OriginalPaper | Chapter
Virtual Playgrounds for Worm Behavior Investigation
Authors: Xuxian Jiang, Dongyan Xu, Helen J. Wang, Eugene H. Spafford
Published in: Recent Advances in Intrusion Detection
Publisher: Springer Berlin Heidelberg
To detect and defend against Internet worms, researchers have long hoped to have a safe convenient environment to unleash and run real-world worms for close observation of their infection, damage, and propagation. However, major challenges exist in realizing such “worm playgrounds”, including the playgrounds’ fidelity, confinement, scalability, as well as convenience in worm experiments. In this paper, we present a virtualization-based platform to create virtual worm playgrounds, called vGrounds, on top of a physical infrastructure. A vGround is an all-software virtual environment dynamically created for a worm attack. It has realistic end-hosts and network entities, all realized as virtual machines (VMs) and confined in a virtual network (VN). The salient features of vGround include: (1) high fidelity supporting real worm codes exploiting real vulnerable services, (2) strict confinement making the real Internet totally invisible and unreachable from inside a vGround, (3) high resource efficiency achieving sufficiently large scale of worm experiments, and (4) flexible and efficient worm experiment control enabling fast (tens of seconds) and automatic generation, re-installation, and final tear-down of vGrounds. Our experiments with real-world worms (including multi-vector worms and polymorphic worms) have successfully exhibited their probing and propagation patterns, exploitation steps, and malicious payloads, demonstrating the value of vGrounds for worm detection and defense research.