A model for studying the spread of computer viruses

ACM-SE 28. Pub Date: 1990-04-01. DOI: 10.1145/98949.99127
J. K. Harris, R. Trueblood
Citations: 0

Abstract

Little or no data exists on the spread of computer viruses. It is unethical to release even a controlled virus and monitor its activity since that virus, while it is active, steals CPU cycles and storage space from an unknowing participant. Another avenue of study is to model a computer environment and simulate the model. The simulated model can then be studied without the undesirable side effects of a real virus. The model can also be used to gauge the vulnerability of computer systems to viral infections as well as to provide a means for determining preventative measures against viral infections.

The model implemented consists of a college computer center and the activities that take place around the computer center. A virus is released into the modeled computer center, and the effects are observed. The modeled computer center accommodates five types of users: students, majors, graduate students (grads), faculty, and system managers. The model contains a set of general purpose microcomputers for students, majors, and grads. Each microcomputer has two floppy disk drives and a connection to a central file server. Access to the file server is controlled. Each user type can have read, read/write, or no access to the file server node. The model provides each faculty member and system manager with a microcomputer that is networked to the file server node and is equipped with a hard disk drive. All users have their own personal set of diskettes.

A typical user's activity is modeled in the following manner. Users enter the computer center, choose what media they need to access (file server, personal diskettes, etc.), and perform transactions. A transaction can be copying a program, deleting a program, or executing a program. At some point in time, a virus is introduced. When an infected program is executed, the virus seeks out and infects an eligible program (or programs). The spread of the virus is monitored. Up to three viruses can be introduced at various times. The initial infection occurs on a diskette, a hard drive, or the file server. If two different viruses infect the same program, only the most recent infection is active.

After an infected program is executed a given number of times, the virus has the option to trigger (i.e., become active). A triggered virus has the option to do one of three things. It can delete one program, delete all programs on a diskette, or delete all programs on a hard drive or file server. After a given period of time, the virus has the option to deactivate, and the next time the host program is executed, the virus removes itself from the program. Users also can copy or delete programs. When users copy programs, they can copy the program to themselves or to a friend. Each user has a clique of friends. When users are finished with the computer, they sign off and leave the computer center.

This model was simulated in Turbo Pascal on an IBM AT running MSDOS. A more detailed description of the model and its implementation is given in [1]. Seventeen different sets of parameters must be set before the simulation begins. Values for these parameters were obtained from data gathered from the computing facility at Coker College in Hartsville, South Carolina. The simulator can be used to help answer several questions. For example, what effects do restricting access to the file server node have on the spread of a virus? A more general question might be: what effects do different topological paths of infection have on the spread of a virus? Another possible use of the simulator is finding a way to help slow or stop the spread of viruses. If the main factors affecting the spread of computer viruses can be determined, measures can then be taken to slow or stop the spread of viruses.

Robert P. Trueblood, Department of Computer Science, University of South Carolina, Columbia, South Carolina 29208

References

1. Harris, J.K., and Trueblood, R.P., "A Description of a Model for Studying the Spread of Computer Viruses," Tech. Report No. TR90002, Department of Computer Science, University of South Carolina, Columbia, South Carolina 29208 (1990).

Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission.
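A reduced sketch of the kind of simulation the abstract describes, added here as an illustration in Python and not the authors' Turbo Pascal simulator: it uses one virus, execute and copy transactions only, and a single file-server access policy for every user, so the effect of restricting file-server access can be compared. The user count, clique size, transaction mix and all function names are assumptions.

```python
import random

def simulate(server_access, seed_on, users=20, progs=5, sessions=2000, rng_seed=1):
    """Return (infected file-server programs, infected diskette programs).

    server_access: 'rw', 'r' or 'none', applied to all users (an assumption).
    seed_on: 'server' or 'diskette', where the single initial infection sits.
    A program is modeled as a bool: True means infected.
    """
    rng = random.Random(rng_seed)
    server = [False] * progs
    disks = [[False] * progs for _ in range(users)]
    # Each user has a clique of three friends (constructed, not the paper's data).
    cliques = [rng.sample([v for v in range(users) if v != u], 3)
               for u in range(users)]
    if seed_on == "server":
        server[0] = True
    else:
        disks[0][0] = True

    def infect_one(medium):
        # The virus seeks out one eligible (still clean) program on the medium.
        clean = [i for i, infected in enumerate(medium) if not infected]
        if clean:
            medium[rng.choice(clean)] = True

    for _ in range(sessions):
        u = rng.randrange(users)               # a user enters the center
        readable = [disks[u]] + ([server] if server_access != "none" else [])
        writable = [disks[u]] + ([server] if server_access == "rw" else [])
        program = rng.choice(rng.choice(readable))
        if rng.random() < 0.7:                 # transaction: execute
            if program:                        # infected host runs, virus spreads
                infect_one(rng.choice(writable))
        else:                                  # transaction: copy to self or friend
            target = rng.choice([u] + cliques[u])
            disks[target].append(program)      # the copy carries the infection
    return sum(server), sum(map(sum, disks))

def compare(seed_on="diskette"):
    # Same parameters and RNG seed under each file-server access policy.
    return {policy: simulate(policy, seed_on) for policy in ("rw", "r", "none")}

if __name__ == "__main__":
    for seed_on in ("diskette", "server"):
        print(seed_on, compare(seed_on))
```

With read-only or no access the file server can never become infected from a diskette, so any remaining spread has to travel through copies between clique members.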