
A worm infects some vulnerable hosts; the infected hosts organize into a P2P botnet with a botmaster and start exchanging C&C traffic. The experimenter wants to observe the evolution of the botnet and the amount of traffic that the master receives. Two classes of experiments need to be combined here:

  1. an experiment where a worm spreads and infects vulnerable hosts
  2. an experiment where some hosts organize into a P2P network and somehow elect a leader, who then sends commands to them and may receive reports back

Example 1: Botnet

This example uses two metadescriptions. Let's go through each of them. The example is written in [CurrentlyProposedLanguage].

Worm spread metadescription

Objects:

VNode extends Node

VNode := {state = Vulnerable, Vulnerability vulnerability = x}

INode := VNode {state = Infected}

Cardinality:

|INode|>=1

|VNode|>=1

Relationships:

Definitions:

each INode i, some VNode v:

e1 := {type = SCAN, origin = i, destination = v, vulnerability = x }

s1 := {v.state = Infected}

Timeline:

e1 → if (e1.vulnerability == v.vulnerability) then s1

P2P with leader and C&C traffic metadescription

[Figure: peerobj.jpg (image not available)]

(in English: There must be two sets of hosts, with at least two peers and at least one leader. Nothing is said about the relationship between the sets, so their intersection may be non-empty. All objects here are of type Node.)

[Figure: peerwf.jpg (image not available)]

(in English: Each peer contacts some other peer asking it to peer with it; the contacted peer may reply with a "yes". In parallel, a peer somehow learns about a leader. If a leader object is known to a given peer, the peer will send it a "hello" message. The leader will then send commands to the peers it knows and may get reports back from them.)

Note that I haven't defined what the wannapeer, yespeer, leader, hello, cmd and report events are, and I should define them in the common domain knowledge base.

Experiment design

Now I'm a user who wants to design my experiment. I need to combine the two metadescriptions and somehow tie them down to generator choices. To combine them I need to specify how the outputs of the worm metadescription match the inputs of the P2P metadescription. I'll do something like this:

[Figure: wp2pcomb.jpg (image not available)]

i.e. each infected host becomes a peer.

The system now needs to offer me several generators:

The user either chooses each generator or agrees to use a default one for each choice. The user can then manipulate the generators (their parameters) and the workflow. For example, the user may add a "patched" state after the "infected" one, with a "patch" event to make the transition.
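
The combined experiment described above, as an added Python sketch (not code from the original page and not the proposed language itself): it executes the worm-spread timeline rule as a state machine, maps each infected host to a peer, applies the optional "patch" event, and counts the messages the leader receives per round. Assumptions: the round-robin target choice stands in for a scan generator, every known peer answers each cmd with one report, a patched host cannot be re-infected, and the names `run_experiment`, `sample_nodes` and the node labels are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    vulnerability: str
    state: str = "Vulnerable"   # Vulnerable -> Infected -> Patched

def scan(origin, destination, vulnerability):
    # e1 := {type = SCAN, origin = i, destination = v, vulnerability = x}
    return {"type": "SCAN", "origin": origin,
            "destination": destination, "vulnerability": vulnerability}

def apply_timeline(e1, nodes):
    # Timeline: e1 -> if (e1.vulnerability == v.vulnerability) then s1
    v = nodes[e1["destination"]]
    if v.state == "Vulnerable" and e1["vulnerability"] == v.vulnerability:
        v.state = "Infected"    # s1 := {v.state = Infected}
        return True
    return False

def run_experiment(nodes, x, rounds, patch_at=None):
    """Return one (peers, hellos, reports) tuple per round, as seen by the leader."""
    names, known, history = list(nodes), set(), []
    for r in range(rounds):
        # Optional "patch" event: Infected -> Patched (assumed not re-infectable).
        for n in (patch_at or {}).get(r, ()):
            if nodes[n].state == "Infected":
                nodes[n].state = "Patched"
        # "each INode i, some VNode v": round-robin target choice (assumed generator).
        for i in [n for n in names if nodes[n].state == "Infected"]:
            target = names[(names.index(i) + 1 + r) % len(names)]
            apply_timeline(scan(i, target, x), nodes)
        # Combination step: each infected host becomes a peer.
        peers = {n for n in names if nodes[n].state == "Infected"}
        hellos = peers - known      # new peers send "hello" to the leader
        reports = peers & known     # known peers answer a "cmd" with a "report"
        known = peers
        history.append((len(peers), len(hellos), len(reports)))
    return history

def sample_nodes():
    # Constructed topology: n0 starts Infected, n3 has a different vulnerability.
    vulns = {"n0": "x", "n1": "x", "n2": "x", "n3": "y", "n4": "x", "n5": "x"}
    nodes = {n: Node(n, v) for n, v in vulns.items()}
    nodes["n0"].state = "Infected"
    return nodes

if __name__ == "__main__":
    for r, row in enumerate(run_experiment(sample_nodes(), "x", 4, patch_at={2: ["n0"]})):
        print(r, row)
```

Leader traffic per round is hellos plus reports; patching n0 in round 2 removes it from the peer set, and n3 is never infected because its vulnerability does not match the scan.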