Modeling and simulation study of the propagation and defense of internet e-mail worms

    Authors

    C. C. Zou; D. Towsley; W. B. Gong


    Abbreviated Journal Title

    IEEE Trans. Dependable Secur. Comput.

    Keywords

    network security; e-mail worm; worm modeling; epidemic model; simulation; COMPLEX NETWORKS; Computer Science, Hardware & Architecture; Computer Science, Information Systems; Computer Science, Software Engineering

    Abstract

    As many people rely on e-mail communications for business and everyday life, Internet e-mail worms constitute one of the major security threats for our society. Unlike scanning worms such as Code Red or Slammer, e-mail worms spread over a logical network defined by e-mail address relationships, making traditional epidemic models invalid for modeling the propagation of e-mail worms. In addition, we show that the topological epidemic models presented in [1], [2], [3], and [4] largely overestimate epidemic spreading speed in topological networks due to their implicit homogeneous mixing assumption. For this reason, we rely on simulations to study e-mail worm propagation in this paper. We present an e-mail worm simulation model that accounts for the behaviors of e-mail users, including e-mail checking time and the probability of opening an e-mail attachment. Our observations of e-mail lists suggest that an Internet e-mail network follows a heavy-tailed distribution in terms of node degrees, and we model it as a power-law network. To study the topological impact, we compare e-mail worm propagation on power-law topology with worm propagation on two other topologies: small-world topology and random-graph topology. The impact of the power-law topology on the spread of e-mail worms is mixed: E-mail worms spread more quickly on a power-law topology than on a small-world topology or a random-graph topology, but immunization defense is more effective on a power-law topology.

    Journal Title

    IEEE Transactions on Dependable and Secure Computing

    Volume

    4

    Issue/Number

    2

    Publication Date

    1-1-2007

    Document Type

    Article

    Language

    English

    First Page

    105

    Last Page

    118

    WOS Identifier

    WOS:000246207400003

    ISSN

    1545-5971
