Hephaestus

Hephaestus is a discrete event simulator, capable of simulating virus and worm spread on real topologies. Its original code was developed by one of my Master's students, Brian Shirey, who did a fine job of creating an extensible and practical simulator, suitable for use in the classroom. The work was extended by Attila Ondi (a Ph.D. student) who has conducted a number of experiments to validate the simulator, as well as to test different hypotheses.

While a purpose-built simulator may seem redundant, the design does in fact make sense. The original simulator was generously sponsored by a grant from Cisco, with the intent of creating a tool I could use in the classroom. Part of the problem with self-replicating code is that it is easy to underestimate the rapacious appetite of the code: it's surprising, even to a scientist, just how quickly exponential growth blows up when encountered in the real world. In order to make the code redistributable, we opted for a home-grown simulator for the Windows platform.

Once the simulator was complete, I realized its efficacy - the timing was perfect, as the "Monoculture" debate was raging (the argument went something like this: "the Windows monoculture is bad for security because self-replicating code can rip through the whole population - there is no immunity because of the homogeneity of the gene pool"), and I was curious just how much diversity one would need to actually help in a meaningful way. The answer was "lots".

Other things we've done with Hephaestus include simulating social networks, examining how short-term message recall might reduce virus spread, and adding background traffic for different protocols (so many worm "solutions" are never tested in networks large enough to stress them, or are tested where there is no background traffic).

Current research topics with the simulator include simulating virus spread on a MANET. Watch this space - we're still adding functionality and conducting experiments.

Selected References

Ondi A., and Ford R., Modeling Malcode with Hephaestus - Beyond Simple Spread, IEEE Topical Conference on Cybersecurity, Daytona Beach, 2006

Ford R., Bush M., and Boulatov A., Predation and the Cost of Replication: A New Approach for Solution Providers? Computers and Security, Volume 25, Issue 4, pp. 257-264, 2006

El Far I., Ford R., Ondi A., and Pancholi M., Suppressing the Spread of Email Malcode using Short-Term Message Recall, Journal of Computer Virology, Volume 1, Number 1, pp. 4-12, November 2005
