Simulating Malware with MAlSim

Abstract

This paper describes MAlSim - Mobile Agent Malware Simulator - a mobile agent framework developed to address one of the most important problems related to the simulation of attacks against information systems i.e. the lack of adequate tools for reproducing behaviour of malicious software (malware). The framework can be deployed over the network of an arbitrary information system and it aims at simulating behaviour of each instance of malware independently. MAlSim Toolkit provides multiple classes of agents and diverse behavioural and migration/replication patterns (which, taken together, form malware templates), to be used for implementation of various types of malware (viruses, worms, malicious mobile code). The primary application of MAlSim is to support security assessments of information systems based on simulation of attacks against these systems. In this context, the framework was successfully applied to the studies on security of the information system of a power plant. The case study proved the operability, applicability and usefulness of the simulation framework and it led to very interesting conclusions on the security of the evaluated system.