research-article

Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms

Authors:

Weibo GongAuthors Info & Claims

IEEE Transactions on Dependable and Secure Computing, Volume 4, Issue 2

Pages 105 - 118

https://doi.org/10.1109/TDSC.2007.1001

Published: 01 April 2007 Publication History

Abstract

As many people rely on e-mail communications for business and everyday life, Internet e-mail worms constitute one of the major security threats for our society. Unlike scanning worms such as Code Red or Slammer, e-mail worms spread over a logical network defined by e-mail address relationships, making traditional epidemic models invalid for modeling the propagation of e-mail worms. In addition, we show that the topological epidemic models presented in [1], [2], [3], and [4] largely overestimate epidemic spreading speed in topological networks due to their implicit homogeneous mixing assumption. For this reason, we rely on simulations to study e-mail worm propagation in this paper. We present an e-mail worm simulation model that accounts for the behaviors of e-mail users, including e-mail checking time and the probability of opening an e-mail attachment. Our observations of e-mail lists suggest that an Internet e-mail network follows a heavy-tailed distribution in terms of node degrees, and we model it as a power-law network. To study the topological impact, we compare e-mail worm propagation on power-law topology with worm propagation on two other topologies: small-world topology and random-graph topology. The impact of the power-law topology on the spread of e-mail worms is mixed: E-mail worms spread more quickly on a power-law topology than on a small-world topology or a random-graph topology, but immunization defense is more effective on a power-law topology.

References

[1]

M. Boguna, R. Pastor-Satorras, and A. Vespignani, “Epidemic Spreading in Complex Networks with Degree Correlations,” Lecture Notes in Physics: Statistical Mechanics of Complex Networks, 2003.

[2]

Y. Moreno, J. Gomez, and A.F. Pacheco, “Epidemic Incidence in Correlated Complex Networks,” Physical Rev. E, vol. 68, 2003.

[3]

Y. Moreno, R.P. Satorras, and A. Vespignani, “Epidemic Outbreaks in Complex Heterogeneous Networks,” European Physical J.B, vol. 26, 2002.

[4]

R. Pastor-Satorras and A. Vespignani, “Epidemic Spreading in Scale-Free Networks,” Physical Rev. Letters, vol. 86, 2001.

[5]

F. Cohen, “Computer Viruses: Theory and Experiments,” Computers and Security, vol. 6, no. 1, Feb. 1987.

Digital Library

[6]

CERT, “CERT/CC Advisories,” 2005, http://www.cert.org/advisories/.

[7]

CERT, “CERT Advisory CA-2001-20: Continuing Threats to Home Users,” http://www.cert.org/advisories/CA-2001-20.html, July 2001.

[8]

J. Kephart, D.M. Chess, and S. White, “Computers and Epidemiology,” IEEE Spectrum, vol. 30, no. 5, May 1993.

Digital Library

[9]

J. Kephart and S. White, “Directed-Graph Epidemiological Models of Computer Viruses,” Proc. IEEE Symp. Security and Privacy, pp.343-359, 1991.

[10]

J. Kephart and S. White, “Measuring and Modeling Computer Virus Prevalence,” Proc. IEEE Symp. Security and Privacy, 1993.

Digital Library

[11]

Z. Chen, L. Gao, and K. Kwiat, “Modeling the Spread of Active Worms,” Proc. IEEE INFOCOM '03, pp. 1890-1900, Mar. 2003.

[12]

G. Kesidis, I. Hamadeh, and S. Jiwasurat, “Coupled Kermack-McKendrick Models for Randomly Scanning and Bandwidth-Saturating Internet Worms,” Proc. Third Int'l Workshop QoS in Multiservice IP Networks (QoS-IP), pp. 101-109, Feb. 2005.

Digital Library

[13]

D. Nicol and M. Liljenstam, “Models of Internet Worm Defense,” Proc. Inst. for Math. and Its Applications (IMA) Workshop 4: Measurement, Modeling and Analysis of the Internet, http://www.ima.umn.edu/talks/workshops/1-12-16.2004/nicol/talk.pdf, Jan. 2004.

[14]

D. Nojiri, J. Rowe, and K. Levitt, “Cooperative Response Strategies for Large Scale Attack Mitigation,” Proc. Third DARPA Information Survivability Conf. and Exhibition, Apr. 2003.

[15]

J. Wu, S. Vangala, L. Gao, and K. Kwiat, “An Efficient Architecture and Algorithm for Detecting Worms with Various Scan Techniques,” Proc. 11th Ann. Network and Distributed System Security Symp. (NDSS '04), Feb. 2004.

[16]

C. Zou, L. Gao, W. Gong, and D. Towsley, “Monitoring and Early Warning for Internet Worms,” Proc. 10th ACM Conf. Computer and Comm. Security (CCS '03), pp. 190-199, Oct. 2003.

Digital Library

[17]

C. Zou, W. Gong, and D. Towsley, “Code Red Worm Propagation Modeling and Analysis,” Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 138-147, Oct. 2002.

Digital Library

[18]

S. Staniford, V. Paxson, and N. Weaver, “How to Own the Internet in Your Spare Time,” Proc. Usenix Security Symp., pp. 149-167, Aug. 2002.

Digital Library

[19]

Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos, “Epidemic Spreading in Real Networks: An Eigenvalue Viewpoint,” Proc. 22nd Symp. Reliable Distributed Computing, Oct. 2003.

[20]

A. Ganesh, L. Massoulie, and D. Towsley, “The Effect of Network Topology on the Spread of Epidemics,” Proc. IEEE INFOCOM '04, Mar. 2004.

[21]

C. Wang, J.C. Knight, and M.C. Elder, “On Viral Propagation and the Effect of Immunization,” Proc. 16th ACM Ann. Computer Applications Conf., Dec. 2000.

Digital Library

[22]

C. Wong, S. Bielski, J.M. McCune, and C. Wang, “A Study of Massmailing Worms,” Proc. ACM Conf. Computer and Comm. Security Workshop Rapid Malcode (WORM '04), Oct. 2004.

Digital Library

[23]

M. Newman, S. Forrest, and J. Balthrop, “Email Networks and the Spread of Computer Viruses,” Physical Rev. E, vol. 66, no. 035101, 2002.

[24]

C. Moore and M. Newman, “Exact Solution of Site and Bond Percolation on Small-World Networks,” Physical Rev. E, vol. 62, 2000.

[25]

M. Newman, S. Strogatz, and D. Watts, “Random Graphs with Arbitrary Degree Distributions and Their Applications,” Physical Rev. E, vol. 64, no. 026118, 2001.

[26]

R. Albert, H. Jeong, and A. Barabasi, “Error and Attack Tolerance of Complex Networks,” Nature, vol. 406, pp. 378-382, 2000.

[27]

Yahoo! Groups, http://groups.yahoo.com, 2005.

[28]

T. Bu and D. Towsley, “On Distinguishing between Internet Power Law Topology Generators,” Proc. IEEE INFOCOM '02, June 2002.

[29]

P. Erdos, “Graph Theory and Probability,” Canadian J. Math., vol. 11, 1959.

[30]

D. Watts and S. Strogatz, “Collective Dynamic of Small-World Networks,” Nature, vol. 393, 1998.

[31]

M. Newman, I. Jensen, and R. Ziff, “Percolation and Epidemics in a Two-Dimensional Small World,” Physical Rev. E, vol. 65, no. 021904, 2002.

[32]

C. Zou, D. Towsley, and W. Gong, “On the Performance of Internet Worm Scanning Strategies,” J. Performance Evaluation, vol. 63, no. 7, July 2006.

Digital Library

[33]

D. Moore, C. Shannon, G.M. Voelker, and S. Savage, “Internet Quarantine: Requirements for Containing Self-Propagating Code,” Proc. IEEE INFOCOM '03, Mar. 2003.

[34]

C. Zou, “Internet Email Worm Propagation Simulator,” http://www.cs.ucf.edu/~czou/research/emailWormSimulation.html, 2005.

[35]

M. Veeraraghavan, “How Long to Run Simulations—Confidence Intervals,” http://www.ece.virginia.edu/~mv/edu/prob/stat/how-to-simulate.doc, 2005.

[36]

M. Jovanovic, F. Annexstein, and K. Berman, “Modeling Peer-to-Peer Network Topologies through Small-World Models and Power Laws,” Telecomm. Forum, Nov. 2001.

[37]

K. Trivedi, Probability and Statistics with Reliability, Queuing and Computer Science Applications. John Wiley & Sons, 2001.

Digital Library

[38]

C. Zou, D. Towsley, and W. Gong, “Email Virus Propagation Modeling and Analysis,” Technical Report TR-03-CSE-04, Electrical and Computer Eng. Dept., Univ. of Massachusetts, http://www.cs.ucf.edu/~czou/research/emailvirus-techreport.pdf, May 2003.

Cited By

Chee KGe MBai GKim D(2024)IoTSecSimComputers and Security10.1016/j.cose.2023.103534136:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103534
Farsimadan EMoradi LPalmieri F(2024)A General Study on the Malware Propagation Models in Wireless Sensor NetworksComputational Science and Its Applications – ICCSA 2024 Workshops10.1007/978-3-031-65223-3_6(83-99)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1007/978-3-031-65223-3_6
Wang TLi HXia CZhang HZhang P(2023)From the Dialectical Perspective: Modeling and Exploiting of Hybrid Worm PropagationIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.324676518(1610-1624)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1109/TIFS.2023.3246765
Show More Cited By

Index Terms

Recommendations

Modeling and Analysis of Patching Structured Benign Worms Countering against Worms
ICVRV '14: Proceedings of the 2014 International Conference on Virtual Reality and Visualization

Due to the active defense of benign worms against the damage imposed by worms, benign worms have been paid enough attention by network security researchers. This paper presents patching structured benign worms, and we designed their deployment and work ...
Modeling and Analysis of Active Benign Worms and Hybrid Benign Worms Containing the Spread of Worms
ICN '07: Proceedings of the Sixth International Conference on Networking

Worms are a serious and growing threat to network and traditional antivirus technologies do not currently scale to deal with the worm threat. Benign worms, especially active benign worms and hybrid benign worms, become a new active countermeasure. In ...
Worm propagation modeling and analysis under dynamic quarantine defense
WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode

Due to the fast spreading nature and great damage of Internet worms, it is necessary to implement automatic mitigation, such as dynamic quarantine, on computer networks. Enlightened by the methods used in epidemic disease control in the real world, we ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing Volume 4, Issue 2

April 2007

80 pages

ISSN:1545-5971

Issue’s Table of Contents

Copyright © 2007.

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 April 2007

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Chee KGe MBai GKim D(2024)IoTSecSimComputers and Security10.1016/j.cose.2023.103534136:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103534
Farsimadan EMoradi LPalmieri F(2024)A General Study on the Malware Propagation Models in Wireless Sensor NetworksComputational Science and Its Applications – ICCSA 2024 Workshops10.1007/978-3-031-65223-3_6(83-99)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1007/978-3-031-65223-3_6
Wang TLi HXia CZhang HZhang P(2023)From the Dialectical Perspective: Modeling and Exploiting of Hybrid Worm PropagationIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.324676518(1610-1624)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1109/TIFS.2023.3246765
Engström VLagerström R(2022)Two decades of cyberattack simulationsComputers and Security10.1016/j.cose.2022.102681116:COnline publication date: 1-May-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102681
Wang MSong L(2021)Efficient defense strategy against spam and phishing emailJournal of Information Security and Applications10.1016/j.jisa.2021.10294761:COnline publication date: 1-Sep-2021
https://dl.acm.org/doi/10.1016/j.jisa.2021.102947
Masood ZSamar RRaja M(2020)Design of fractional order epidemic model for future generation tiny hardware implantsFuture Generation Computer Systems10.1016/j.future.2019.12.053106:C(43-54)Online publication date: 1-May-2020
https://dl.acm.org/doi/10.1016/j.future.2019.12.053
Banerjee SJenamani MPratihar D(2020)A survey on influence maximization in a social networkKnowledge and Information Systems10.1007/s10115-020-01461-462:9(3417-3455)Online publication date: 29-Mar-2020
https://dl.acm.org/doi/10.1007/s10115-020-01461-4
Wang TXia C(2020)H2P: A Novel Model to Study the Propagation of Modern Hybrid Worm in Hierarchical NetworksAlgorithms and Architectures for Parallel Processing10.1007/978-3-030-60248-2_17(251-269)Online publication date: 2-Oct-2020
https://dl.acm.org/doi/10.1007/978-3-030-60248-2_17
Yang HChen DSun GDing XXin YBaños R(2019)CC2Complexity10.1155/2019/90575312019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/9057531
Wang XSong BNi WLiu RGuo YNiu XZheng K(2019)Group-Based Susceptible-Infectious-Susceptible Model in Large-Scale Directed NetworksSecurity and Communication Networks10.1155/2019/16571642019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/1657164
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents