System and method to emulate mobile logic in a communication system
First Claim
Patent Images
1. A system to emulate a worm, comprising:
- a first host that provides a test description, wherein said test description defines one or more emulated worms, and propagation characteristics of said emulated worms, said test description being a non-executable specification;
one or more participating hosts in a network that have previously agreed to participate in a test of said emulated worms, and that receive said test description, wherein said participating hosts generate said emulated worms according to said test description, said participating hosts having been pre-loaded with client software required to participate in said test; and
one or more virtual vulnerable services in each of said participating hosts that operate according to said client software during said test to thereby generate and propagate messages over said network according to said test description, said virtual vulnerable services representing services in said participating hosts affected by said emulated worms, said messages transmitted by said emulated worms and acting to propagate said emulated worms to other participating hosts according to said test description, such that operation of said participating hosts during said test in response to said emulated worms is defined according to said test description, wherein operation of a non-participating host would not be defined by said test description when said non-participating host is not executing said client software upon receipt of messages from said emulated worms.
1 Assignment
0 Petitions
Accused Products
Abstract
A system includes hosts that may be infected with mobile logic. One type of mobile logic is a worm, which can be a process that is capable of causing a (possibly evolved) copy of itself to execute on one or more hosts of the system. An infected host of the system can infect other hosts based on criteria, such as targeting, visibility, vulnerability, or infectability of the other hosts. A worm can be represented as a Turing Machine whose state can be determined using computational methods. A worm can be emulated in the system to determine worm detection capabilities of the system. Emulating the worm can allow the system to be tested with less negative impact than using the actual worm.
-
Citations
41 Claims
-
1. A system to emulate a worm, comprising:
-
a first host that provides a test description, wherein said test description defines one or more emulated worms, and propagation characteristics of said emulated worms, said test description being a non-executable specification; one or more participating hosts in a network that have previously agreed to participate in a test of said emulated worms, and that receive said test description, wherein said participating hosts generate said emulated worms according to said test description, said participating hosts having been pre-loaded with client software required to participate in said test; and one or more virtual vulnerable services in each of said participating hosts that operate according to said client software during said test to thereby generate and propagate messages over said network according to said test description, said virtual vulnerable services representing services in said participating hosts affected by said emulated worms, said messages transmitted by said emulated worms and acting to propagate said emulated worms to other participating hosts according to said test description, such that operation of said participating hosts during said test in response to said emulated worms is defined according to said test description, wherein operation of a non-participating host would not be defined by said test description when said non-participating host is not executing said client software upon receipt of messages from said emulated worms. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of emulating a worm in a system, comprising:
-
providing, using a first host, a test description to one or more participating hosts in a network, wherein said test description defines one or more emulated worms, and propagation characteristics of said emulated worms, said test description being a non-executable specification; generating said emulated worms based on said test description at said participating hosts, said participating hosts having previously agreed to participate in a test of said emulated worms, said participating hosts having been pre-loaded with client software required to participate in said test; and instantiating one or more virtual vulnerable services based on said test description at each of said participating hosts that operate according to said client software during said test to thereby generate and propagate messages over the network according to said test description, said virtual vulnerable services representing services in said participating hosts affected by said emulated worms, said messages transmitted by said emulated worms and acting to propagate said emulated worms to other participating hosts according to said test description, such that operation of said participating hosts during said test in response to said emulated worms is defined according to said test description, wherein operation of a non-participating host would not be defined by said test description when said non-participating host is not executing said client software upon receipt of messages from said emulated worms. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. An article of manufacture storing a non-transitory computer-usable medium having instructions stored thereon that, when executed by a computing device, cause said computing device to perform operations comprising:
-
providing, using a first host, a test description to one or more participating hosts in a network, wherein said test description defines one or more emulated worms, and propagation characteristics of said emulated worms, said test description being a non-executable specification; generating said emulated worms based on said test description at said participating hosts, said participating hosts having previously agreed to participate in a test of said emulated worms, said participating hosts having been pre-loaded with client software required to participate in said test; and instantiating one or more virtual vulnerable services based on said test description at each of said participating hosts that operate according to said client software during said test to thereby generate and propagate messages over the network according to said test description, said virtual vulnerable services representing services in said participating hosts affected by said emulated worms, said messages transmitted by said emulated worms and acting to propagate said emulated worms to other participating hosts according to said test description, such that operation of said participating hosts during said test in response to said emulated worms is defined according to said test description, wherein operation of a non-participating host would not be defined by said test description when said non-participating host is not executing said client software upon receipt of messages from said emulated worms. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
Specification