Simulating Benchmark Datasets for Worm Propagation Studies

Identifying the roots of a worm and reconstructing its spread path are among essential concerns in digital forensics. This knowledge assist the prosecutor in understanding how the attack happened in the network and how security protections were breached. Evaluating methods proposed for this purpose is problematic due to the lack of suitable datasets containing both worm traffic and normal traffic. In this paper, we investigate various approaches of generating such datasets and propose a technique to generate suitable datasets for these evaluations. ReaSE is a tool for creating realistic simulation environments, which considers three aspects, i.e., topology generation, normal traffic generation, and attack traffic generation. We modify ReaSE to make it suitable for generating these datasets. We also generate various datasets for Code Red I, Code Red II, SQL Slammer and modified version of them in different scenarios and make them accessible to the public.