Issue No. 02 - April-June (2007 vol. 4)
Cliff C. Zou , IEEE
Don Towsley , IEEE
Weibo Gong , IEEE
As many people rely on e-mail communications for business and everyday life, Internet e-mail worms constitute one of the major security threats for our society. Unlike scanning worms such as Code Red or Slammer, e-mail worms spread over a logical network defined by e-mail address relationships, making traditional epidemic models invalid for modeling the propagation of e-mail worms. In addition, we show that the topological epidemic models presented in , , , and  largely overestimate epidemic spreading speed in topological networks due to their implicit homogeneous mixing assumption. For this reason, we rely on simulations to study e-mail worm propagation in this paper. We present an e-mail worm simulation model that accounts for the behaviors of e-mail users, including e-mail checking time and the probability of opening an e-mail attachment. Our observations of e-mail lists suggest that an Internet e-mail network follows a heavy-tailed distribution in terms of node degrees, and we model it as a power-law network. To study the topological impact, we compare e-mail worm propagation on power-law topology with worm propagation on two other topologies: small-world topology and random-graph topology. The impact of the power-law topology on the spread of e-mail worms is mixed: E-mail worms spread more quickly on a power-law topology than on a small-world topology or a random-graph topology, but immunization defense is more effective on a power-law topology.
Network security, e-mail worm, worm modeling, epidemic model, simulation.
W. Gong, C. C. Zou and D. Towsley, "Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms," in IEEE Transactions on Dependable and Secure Computing, vol. 4, no. , pp. 105-118, 2007.