Title

Modeling and simulation study of the propagation and defense of internet e-mail worms

Authors

Authors

C. C. Zou; D. Towsley;W. B. Gong

Comments

Authors: contact us about adding a copy of your work at STARS@ucf.edu

Abbreviated Journal Title

IEEE Trans. Dependable Secur. Comput.

Keywords

network security; e-mail worm; worm modeling; epidemic model; simulation; COMPLEX NETWORKS; Computer Science, Hardware & Architecture; Computer Science, Information; Systems; Computer Science, Software Engineering

Abstract

As many people rely on e-mail communications for business and everyday life, Internet e-mail worms constitute one of the major security threats for our society. Unlike scanning worms such as Code Red or Slammer, e-mail worms spread over a logical network defined by e-mail address relationships, making traditional epidemic models invalid for modeling the propagation of e-mail worms. In addition, we show that the topological epidemic models presented in [ 1], [ 2], [ 3], and [ 4] largely overestimate epidemic spreading speed in topological networks due to their implicit homogeneous mixing assumption. For this reason, we rely on simulations to study e-mail worm propagation in this paper. We present an e-mail worm simulation model that accounts for the behaviors of e-mail users, including e-mail checking time and the probability of opening an e-mail attachment. Our observations of e-mail lists suggest that an Internet e-mail network follows a heavy-tailed distribution in terms of node degrees, and we model it as a power-law network. To study the topological impact, we compare e-mail worm propagation on power-law topology with worm propagation on two other topologies: small-world topology and random-graph topology. The impact of the power-law topology on the spread of e-mail worms is mixed: E-mail worms spread more quickly on a power-law topology than on a small-world topology or a random-graph topology, but immunization defense is more effective on a power-law topology.

Journal Title

Ieee Transactions on Dependable and Secure Computing

Volume

4

Issue/Number

2

Publication Date

1-1-2007

Document Type

Article

Language

English

First Page

105

Last Page

118

WOS Identifier

WOS:000246207400003

ISSN

1545-5971

Share

COinS