emailModel-ICCCN04

emailModel-ICCCN04 - Email Worm Modeling and Defense Cliff...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Email Worm Modeling and Defense Cliff C. Zou , Don Tows ley , Weibo Gong Department of Electrical & Computer Engineering Department of Computer Science University of Massachusetts, Amherst, MA 01003 { czou, gong } @ecs.umass.edu, towsley@cs.umass.edu Abstract Email worms constitute one of the major Internet security problems. In this paper, we present an email worm model that accounts for the behaviors of email users by con- sidering email checking time and the probability of opening email attachments. Email worms spread over a logical network defined by email address relationship, which plays an important role in determining the spreading dynamics of an email worm. Our observations suggest that the node degrees of an email network are heavy-tailed distributed. We compare email worm propagation on three topologies: power law, small world and random graph topologies; and then study how the topology affects immunization defense on email worms. The impact of the power law topology on the spread of email worms is mixed: email worms spread more quickly on a power law topology than on a small world topology or a random graph topology, but immunization defense is more effective on a power law topology than on the other two. I. INTRODUCTION Email worms are malicious computer programs that prop- agate through email: when an email user clicks a worm program in the attachments of a worm email, the worm compromises the users computer and then finds all email addresses stored on this computer to send out worm email. Email has become an indispensable communication medium in our life. However, email worms keep attacking us with in- creasing intensity and using more advanced social engineering tricks. Some famous email worms include Melissa in 1999, Love Letter in 2000, W32/Sircam in 2001, SoBig in 2003, MyDoom , Bagle and Netsky in this year [1]. Like earthquake modeling or tornado modeling, a good email worm model gives us deep understanding of email worms, helps us evaluate the effectiveness of defense mecha- nisms, and provides possible early warning to help us control a worms potential damage. In this paper, we first present a realistic email worm model that accounts for the behaviors of email users by considering users email checking time and the probability of opening email attachments. Then we carry out extensive simulation studies. Email worms spread over a logical network defined by email addresses; our observation shows that the Internet-scale email network might be heavy- tailed distributed and we model it as a power law network. To study how topology affects an email worms propagation, we compare worm spreading on power law, small world and random graph topologies. We derive the conclusion that email worms spread more quickly on a power law topology than on the other two topologies; the other two topologies have little differences in terms of the propagation dynamics of email...
View Full Document

Page1 / 6

emailModel-ICCCN04 - Email Worm Modeling and Defense Cliff...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online