A Virtualized Network Testbed for Zero-Day Worm Analysis and Countermeasure Testing

Computer network worms are one of the most significant malware threats and have gained wide attention due to their increased virulence, speed and sophistication in successive Internet-wide outbreaks. In order to detect and defend against network worms, a safe and convenient environment is required to closely observe their infection and propagation behaviour. The same facility can also be employed in testing candidate worm countermeasures. This paper presents the design, implementation and commissioning of a novel virtualized malware testing environment, based on virtualization technologies provided by VMware and open source software. The novelty of this environment is its scalability of running virtualised hosts, high fidelity, confinement, realistic traffic generation, and efficient log file creation. This paper also presents the results of an experiment involving the launch of a Slammer-like worm on the testbed to show its propagation behaviour.