emailModel-ICCCN04 - Email Worm Modeling and Defense Cliff...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Email Worm Modeling and Defense Cliff C. Zou ∗ , Don Tows ley † , Weibo Gong ∗ ∗ Department of Electrical & Computer Engineering † Department of Computer Science University of Massachusetts, Amherst, MA 01003 { czou, gong } @ecs.umass.edu, [email protected] Abstract — Email worms constitute one of the major Internet security problems. In this paper, we present an email worm model that accounts for the behaviors of email users by con- sidering email checking time and the probability of opening email attachments. Email worms spread over a logical network defined by email address relationship, which plays an important role in determining the spreading dynamics of an email worm. Our observations suggest that the node degrees of an email network are heavy-tailed distributed. We compare email worm propagation on three topologies: power law, small world and random graph topologies; and then study how the topology affects immunization defense on email worms. The impact of the power law topology on the spread of email worms is mixed: email worms spread more quickly on a power law topology than on a small world topology or a random graph topology, but immunization defense is more effective on a power law topology than on the other two. I. INTRODUCTION “Email worms” are malicious computer programs that prop- agate through email: when an email user clicks a worm program in the attachments of a worm email, the worm compromises the user’s computer and then finds all email addresses stored on this computer to send out worm email. Email has become an indispensable communication medium in our life. However, email worms keep attacking us with in- creasing intensity and using more advanced social engineering tricks. Some famous email worms include Melissa in 1999, “ Love Letter ” in 2000, “ W32/Sircam ” in 2001, “ SoBig ” in 2003, “ MyDoom ”, “ Bagle ” and “ Netsky ” in this year [1]. Like earthquake modeling or tornado modeling, a good email worm model gives us deep understanding of email worms, helps us evaluate the effectiveness of defense mecha- nisms, and provides possible early warning to help us control a worm’s potential damage. In this paper, we first present a realistic email worm model that accounts for the behaviors of email users by considering users’ email checking time and the probability of opening email attachments. Then we carry out extensive simulation studies. Email worms spread over a logical network defined by email addresses; our observation shows that the Internet-scale email network might be heavy- tailed distributed and we model it as a power law network. To study how topology affects an email worm’s propagation, we compare worm spreading on power law, small world and random graph topologies. We derive the conclusion that email worms spread more quickly on a power law topology than on the other two topologies; the other two topologies have little differences in terms of the propagation dynamics of email...
View Full Document

This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.

Page1 / 6

emailModel-ICCCN04 - Email Worm Modeling and Defense Cliff...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online