Skip to main content

A Worm Propagation Model Based on People’s Email Acquaintance Profiles

  • Conference paper
Internet and Network Economics (WINE 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4286))

Included in the following conference series:

  • 1023 Accesses

Abstract

One frequently employed way of propagation exploited by worms is through the victim’s contact book. The contact book, which reflects the acquaintance profiles of people, is used as a “hit-list”, to which the worm can send itself in order to spread fast. In this paper we propose a discrete worm propagation model that relies upon a combined email and Instant Messaging (IM) communication behaviour of users. We also model user reaction against infected email as well as the rate at which antivirus software is installed. User acquaintance is perceived as a “network” connecting users based on their contact book links. We then propose a worm propagation formulation based on a token propagation algorithm, further analyzed with a use of a system of continuous differential equations, as dictated by Wormald’s theorem on approximating “well-behaving” random processes with deterministic functions.

Partially supported by the IST Programme of the European Union under contact number IST-2005-15964 (AEOLUS) and the INTAS Programme under contract with Ref. No 04-77-7173 (Data Flow Systems: Algorithms and Complexity (DFS-AC)).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. CERT advisory CA-2004-02

    Google Scholar 

  2. CERT advisory CA-2001-26 Nimda Worm

    Google Scholar 

  3. CERT incident note IN-2003-03

    Google Scholar 

  4. Gostev, A.: Malware Evolution: Kaspersky Lab Report 4 (January - March 2005)

    Google Scholar 

  5. IMlogic Threat Center, Symantec Corporation, http://www.imlogic.com/im_threat_center/index.asp

  6. Kephart, J.O., White, S.R.: Measuring and Modeling Computer Virus Prevalence. In: Proc. 1993 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, California (1993)

    Google Scholar 

  7. Mannan, M., Oorschot, P.: On Instant Messaging Worms, Analysis and Countermeasures. In: Proc. of the 2005 ACM workshop on Rapid malcode (WORM 2005) (2005)

    Google Scholar 

  8. Microsoft, How to update your computer with the JPEG processing (GDI+) security update, http://www.microsoft.com/athome/security/update/bulletins/200409_jpeg_tool.mspx

  9. Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the slammer worm. IEEE security and privacy 1(4), 33–39 (2003)

    Article  Google Scholar 

  10. Murphy, G.M.: Ordinary Differential Equations and their Solutions. D. Van Nostrand Company Inc. (1960)

    Google Scholar 

  11. Symantec Internet Security Threat Report Trends for January 05-December 05, vol. VIII and IX (2005)

    Google Scholar 

  12. Wang, C., Knight, J., Elder, M.: On computer viral infection and the effect of immunization. In: Proc. of the 16th annual computer security applications conference (ACSAC 2000), New Orleans, LA (December 2000)

    Google Scholar 

  13. Wormald, N.C.: The differential equation method for random graph processes and greedy algorithms. Ann. Appl. Probab. 5, 1217–1235 (1995)

    Article  MATH  MathSciNet  Google Scholar 

  14. Zou, C.C., Gong, W., Towsley, D.: Code-red worm propagation modeling and analysis. In: Proc. of the 9th ACM conference on Computer and Communications Security, pp. 138–147. ACM Press, New York (2002)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Komninos, T., Stamatiou, Y.C., Vavitsas, G. (2006). A Worm Propagation Model Based on People’s Email Acquaintance Profiles. In: Spirakis, P., Mavronicolas, M., Kontogiannis, S. (eds) Internet and Network Economics. WINE 2006. Lecture Notes in Computer Science, vol 4286. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11944874_31

Download citation

  • DOI: https://doi.org/10.1007/11944874_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68138-0

  • Online ISBN: 978-3-540-68141-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics