Upcoming SlideShare
×

Worm Propagation Simulation Analysis

1,135 views
1,042 views

Published on

Worm Propagation Simulation Analysis

Published in: Technology
0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

• Be the first to like this

Views
Total views
1,135
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
30
0
Likes
0
Embeds 0
No embeds

No notes for slide

Worm Propagation Simulation Analysis

1. 1. Page 1 of 22 Name: Allen Galvan Due: 22 November 2005 CSFI 214: Information Security Systems Analysis – Fall 2005 Lab #4: Worms Last printed 11/20/2005 22:43:00 a11/p11 Page 1 of 22
2. 2. Page 2 of 22 Directions................................................................................................................................. .3 Worm Propagation Simulation (Local/Global Networks) Introduction.................................4 . Summarize each Worm......................................................................................... ...................4 Analyze each Worm Simulation....................................................................... .......................6 Compare the Similarities and Dissimilarities of the Worms ..................................................................................................................... ...........................13 Bibliography............................................................................................................ ...............15 Appendix..................................................................................................... ...........................16 Last printed 11/20/2005 22:43:00 a11/p11 Page 2 of 22
3. 3. Page 3 of 22 Directions Hand in a report with the answers to these questions. You must include an appendix with each of the plots and annotated screen shots for each worm. o The raw data must be included in the Excel spreadsheet when the assignment is sent electronically. Last printed 11/20/2005 22:43:00 a11/p11 Page 3 of 22
9. 9. Page 9 of 22 The Patched for the local network infection was slightly more dramatic at 40%, whereas the global network infection was minor at 5%, at 15 days after the attack started.  The Infected for the global network infection was about the same, i.e., constant at about 45% at 15 days after the infection started. 12. What conclusions can you draw from your analysis of the data?  Patched systems were more slowly infected compared to vulnerable systems. The local and global network infection were both mildly infected. Analyze the results of the Netsky simulation: 1. When was the peak infection?  The infection on the local netw occurred 16 days 9 hours. ork 2. When did the infections effectively stop spreading (i.e. almost no infection)?  The infection on the local netw occurred 23 days 14 hours. ork 3. What can you infer from the steepness and direction of the slope in the graphs?  The slopes of the local network Patchedand Infected are increasing slightly. The Infected slope reached a point of inflection at 15 days and began decreasing.  The slope of the global network Infected is increasing sharply, and leveled off at 13 days, and decreased at 21 days. The slope of the global network Patched increased slightly. 4. What do sudden changes (infections) indicate?  Sudden changes (infections) indicate that either the infection was suddenly stopped, or it suddenly became more infectious. 5. How rapidly did the infection spread?  The infection spread from vulnerable computers. 6. Which local networks get infected?  Get infected first?  The network with no security got infected first.  Prevented the spread most affectively?  The network with strong host and network security prevented the worm spread most effectively. 7. Did patching help to slow the infection in each of the local networks and globally?  Patching did not help slow the infection, for the local network.  Patching helped slow the infection for the global network. 8. What interesting patterns did you find?  Local Network: The Patched was infected at a constant rate and reached a point of increasing inflection at 70%, about 23 days after the attack started. The Infected was infected at a constant parabolic rate and reached a maximum of 32%, and the slope turned downward, at 15.5 days, to a point of 18% at 23 days after the attack started.  Global Network: The Patched was infected at a constant rate and reached a maximum of 30%, about 23 days after the attack started. The Infected was Last printed 11/20/2005 22:43:00 a11/p11 Page 9 of 22