emailWorm-TDSC - 1 Modeling and Simulation Study of the...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Modeling and Simulation Study of the Propagation and Defense of Internet Email Worm Cliff C. Zou , Don Towsley , Weibo Gong School of Electrical Engineering and Computer Science University of Central Florida, Orlando FL Department of Computer Science, University of Massachusetts, Amherst MA Department of Electrical & Computer Engineering, University of Massachusetts, Amherst MA czou@cs.ucf.edu, gong@ecs.umass.edu, towsley@cs.umass.edu Abstract — As many people rely on email communications for business and everyday life, Internet email worms constitute one of the major security threats for our society. Unlike scanning worms such as Code Red or Slammer, email worms spread over a logical network defined by email address relationship, making traditional epidemic models invalid for modeling the propagation of email worms. In addition, we show that the topological epidemic models presented in [1], [2], [3], [4] largely overestimate epidemic spreading speed in topological networks due to their implicit homogeneous mixing assumption. For this reason, we rely on simulations to study email worm propagation in this paper. We present an email worm simulation model that accounts for the behaviors of email users, including email checking time and the probability of opening an email attachment. Our observations of email lists suggest that an Internet email network follows a heavy-tailed distribution in terms of node degrees, and we model it as a power law network. To study the topological impact, we compare email worm propagation on power law topology with worm propagation on two other topologies: small world topology and random graph topology. The impact of the power law topology on the spread of email worms is mixed: email worms spread more quickly than on a small world topology or a random graph topology, but immunization defense is more effective on a power law topology. Index Terms — Network security, email worm, worm modeling, epidemic model, simulation I. INTRODUCTION Computer viruses and worms have been studied for a long time both by research and application communities. Cohen’s work [5] formed the theoretical basis for this field. In the early 1980s, viruses spread mainly through the exchange of floppy disks. At that time, only a small number of computer viruses existed, and virus infection was usually restricted to a local area. As computer networks and the Internet became more popular from the late 1980s, viruses and worms quickly evolved the ability to spread through the Internet by various means such as file downloading, email, exploiting security holes in software, etc. Currently, email worms constitute one of the major Internet security problems. For example, Melissa in 1999, Love Letter in 2000, and W32/Sircam in 2001 spread widely throughout the Internet and caused tremendous damage [6]. There is, however, no formal definition of email worm in the research area—a computer program can be called an email worm as long as it can replicate and propagate by sending copies of itself through email messages.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.

Page1 / 14

emailWorm-TDSC - 1 Modeling and Simulation Study of the...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online