A propagation model of a vulnerability mitigation computer worm - SeaWave

Ziyad Al-Salloum, Stephen D. Wolthusen

Research output: Chapter in Book/Report/Conference proceedingConference contribution


In this paper, we propose and analyze an analytical propagation model of a vulnerability mitigation worm (SeaWave). The model takes into consideration the topology structure of enterprise networks such as switches, LANs, and backbone, proposing the first computer worm that use layer two of the OSI model as its main propagation medium. The model also addresses the worm's communication delays due to CAM table reading (α), neighbor switch communication (β), and backbone mapping (ε). We also propose a bandwidth model to measure the traffic generated within different stages of worm propagation. Different simulations of different hierarchical topologies of enterprise networks have been driven to further evaluate and observe the defensive worm's performance in large scale networks.
Original languageEnglish
Title of host publicationProceedings of the 2011 5th International Network and System Security Conference (NSS 2011)
PublisherIEEE Computer Society Press
ISBN (Print)978-1-4577-0458-1
Publication statusPublished - 6 Sept 2011

Cite this