SYSTEM AND METHOD TO EMULATE MOBILE LOGIC IN A COMMUNICATION SYSTEM
First Claim
1. A system to emulate mobile logic, comprising:
- a first host including a client that determines a test description; and
a second host that is capable of running a virtual vulnerable service associated with the mobile logic based on the test description, wherein a control server of the second host controls whether one or more messages associated with the mobile logic are transmitted at a port associated with the virtual vulnerable service.
1 Assignment
0 Petitions
Accused Products
Abstract
Abstract of the Disclosure
A system includes hosts that may be infected with mobile logic. One type of mobile logic is a worm, which can be a process that is capable of causing a (possibly evolved) copy of itself to execute on one or more hosts of the system. An infected host of the system can infect other hosts based on criteria, such as targeting, visibility, vulnerability, or infectability of the other hosts. A worm can be represented as a Turing Machine whose state can be determined using computational methods. A worm can be emulated in the system to determine worm detection capabilities of the system. Emulating the worm can allow the system to be tested with less negative impact than using the actual worm.
18 Citations
30 Claims
-
1. A system to emulate mobile logic, comprising:
-
a first host including a client that determines a test description; and a second host that is capable of running a virtual vulnerable service associated with the mobile logic based on the test description, wherein a control server of the second host controls whether one or more messages associated with the mobile logic are transmitted at a port associated with the virtual vulnerable service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of emulating mobile logic in a system, comprising:
-
providing a test description to a plurality of hosts; running a virtual vulnerable service associated with the mobile logic at a first host of the plurality of hosts based on the test description; and transmitting one or more messages associated with the mobile logic at a port of the first host based on a control server of the first host. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
receiving a message of the one or more messages at a second host of the plurality of hosts; and transmitting at least one message associated with the mobile logic at a port of the second host in response to receiving the message at the second host.
-
-
15. The method of claim 12, further comprising stopping a transmission of the one or more messages at the port of the first host in response to receiving a command at the control server.
-
16. The method of claim 12, further comprising stopping a transmission of the one or more messages at the port of the first host in response to transmitting the one or more messages at the port of the first host for a predetermined amount of time.
-
17. The method of claim 12, further comprising receiving information relating to an emulation of the mobile logic from the first host.
-
18. The method of claim 12, further comprising limiting a frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of packets per second.
-
19. The method of claim 12, further comprising limiting a frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of bytes per second.
-
20. The method of claim 12, further comprising determining that the one or more messages are to be transmitted at the port in response to receiving one or more packets associated with the mobile logic at the port.
-
21. The method of claim 12, further comprising determining that the one or more messages are to be transmitted at the port in response to the first host receiving a command from a host that provides the test description to the plurality of hosts.
-
22. The method of claim 12, wherein providing the test description includes providing the test description that indicates a range of internet protocol (IP) addresses, and wherein running the virtual vulnerable service includes running the virtual vulnerable service associated with the mobile logic at the first host having an IP address in the range.
-
23. An article of manufacture comprising a computer-readable medium for storing computer instructions that enable a processor-based system to:
-
provide a test description to a plurality of hosts; run a virtual vulnerable service associated with the mobile logic at a first host of the plurality of hosts based on the test description; and transmit one or more messages associated with the mobile logic at a port of the first host based on a control server of the first host. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
receive a message of the one or more messages at a second host of the plurality of hosts; and transmit at least one message associated with the mobile logic at a port of the second host in response to receiving the message at the second host.
-
-
26. The article of manufacture of claim 23, further including instructions that enable a processor-based system to:
-
stop a transmission of the one or more messages at the port of the first host in response to receiving a command at the control server from the first host or a host that provides the test description to the plurality of hosts;
orstop the transmission of the one or more messages at the port of the first host in response to transmitting the one or more messages at the port of the first host for a predetermined amount of time.
-
-
27. The article of manufacture of claim 23, further including instructions that enable a processor-based system to receive information relating to an emulation of the mobile logic from the first host.
-
28. The article of manufacture of claim 23, further including instructions that enable a processor-based system to:
-
limit a frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of packets per second;
orlimit the frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of bytes per second.
-
-
29. The article of manufacture of claim 23, further including instructions that enable a processor-based system to:
-
determine that the one or more messages are to be transmitted at the port in response to the port receiving one or more packets associated with the mobile logic;
ordetermine that the one or more messages are to be transmitted at the port in response to the first host receiving a command from a host that provides the test description to the plurality of hosts.
-
-
30. The article of manufacture of claim 23, wherein the test description indicates a range of internet protocol (IP) addresses, and wherein the first host has an IP address in the range.
Specification