AESOP home


WORMS: Detecting Internet Worm Attacks using Stochastic Agent Models

Dr Jeremy Bradley
Nuffield project NAL/00805/G
Started in March 2004
Completed in March 2006
Funded value

Recent malicious Internet worms such as Code Red (July 2001), Nimbda (September 2001) and most recently MS Blaster (August 2003) have been very successful in shutting down large sections of the Internet. Nicol et al have shown that most of a worm's worst effects are experienced by the Internet routers that link the major backbone networks together, which are completely overwhelmed by the explosion in certain types of Internet traffic.

By looking at how an individual worm behaves as it spreads through the Internet, this project aims to develop an accurate model of global computer infection. With such a model, we will attempt our main objectives:

  1. to develop an early-warning system for an Internet worm attack, by recognising distinctive early-onset traffic patterns
  2. to suggest modifications to the behaviour of Internet routers so that a potential worm has limited or even nullified effect