6 | | 1. A botnet experiment where a worm infects some vulnerable hosts, they organize into a P2P botnet with some botmaster and start exchanging C&C traffic. There are three classes of experiments here that need to be combined together: |
7 | | a) an experiment where worm spreads and infects vulnerable hosts |
8 | | b) an experiment where some hosts organize into P2P network and somehow elect a botmaster |
9 | | c) an experiment where peers start exchanging some C&C botnet traffic |
| 6 | 1. A botnet experiment where a worm infects some vulnerable hosts, they organize into a P2P botnet with some botmaster and start exchanging C&C traffic. Experimenter wants to observe the evolution of the botnet and the amount of traffic that master receives. There are three classes of experiments here that need to be combined together: |
| 7 | a. an experiment where worm spreads and infects vulnerable hosts |
| 8 | b. an experiment where some hosts organize into P2P network and somehow elect a botmaster |
| 9 | c. an experiment where peers start exchanging some C&C botnet traffic |
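Review bot: the sentence added to item 1 names two observables (the evolution of the botnet and the traffic the master receives) but does not say which of classes a to c produces each measurement, so a reader cannot tell where the instrumentation belongs. State that mapping, and use "botmaster" throughout, since the added sentence says "master" while the rest of the item says "botmaster". The sentence also needs its article ("The experimenter wants ..."). In item b, "somehow elect a botmaster" leaves the election mechanism unspecified. Either name the mechanism or say explicitly that it is left to the experimenter.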
11 | | 2. |
| 11 | 2. A cache poisoning experiment where the attacker poisons a DNS cache to take over authority for a given domain. The attacker then creates a phishing page and tries to steal user's usernames/passwords. There are two classes of experiments that need to be combined: |
| 12 | a. an experiment where a DNS cache is poisoned, subclass of cache poisoning experiments |
| 13 | b. an experiment where a phishing attack is conducted via a Web page to steal usernames/passwords |
| 14 | |
| 15 | 3. An ARP spoofing experiment where the attacker puts himself in between two nodes and then modifies their traffic. There are two classes of experiments that need to be combined: |
| 16 | a. an experiment where ARP poisoning happens between two nodes by the attacker |
| 17 | b. an experiment where an attacker changes traffic passing through it |
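Review bot: items 2 and 3 do not state what the experimenter wants to observe, although item 1 now does ("Experimenter wants to observe ..."). Add a matching sentence to each so that all three scenarios define their measurements. In 2a, the trailing clause "subclass of cache poisoning experiments" refers to a parent class that is not defined in these lines. Either define it or drop the clause. "user's usernames/passwords" should read "users' usernames/passwords". Item 3 says "ARP spoofing" in its first line and "ARP poisoning" in 3a, and refers to the attacker as "himself" and then as "it" in 3b. Pick one term and one pronoun.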