Abstract
One frequently employed way of propagation exploited by worms is through the victim’s contact book. The contact book, which reflects the acquaintance profiles of people, is used as a “hit-list”, to which the worm can send itself in order to spread fast. In this paper we propose a discrete worm propagation model that relies upon a combined email and Instant Messaging (IM) communication behaviour of users. We also model user reaction against infected email as well as the rate at which antivirus software is installed. User acquaintance is perceived as a “network” connecting users based on their contact book links. We then propose a worm propagation formulation based on a token propagation algorithm, further analyzed with a use of a system of continuous differential equations, as dictated by Wormald’s theorem on approximating “well-behaving” random processes with deterministic functions.
Partially supported by the IST Programme of the European Union under contact number IST-2005-15964 (AEOLUS) and the INTAS Programme under contract with Ref. No 04-77-7173 (Data Flow Systems: Algorithms and Complexity (DFS-AC)).
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
CERT advisory CA-2004-02
CERT advisory CA-2001-26 Nimda Worm
CERT incident note IN-2003-03
Gostev, A.: Malware Evolution: Kaspersky Lab Report 4 (January - March 2005)
IMlogic Threat Center, Symantec Corporation, http://www.imlogic.com/im_threat_center/index.asp
Kephart, J.O., White, S.R.: Measuring and Modeling Computer Virus Prevalence. In: Proc. 1993 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, California (1993)
Mannan, M., Oorschot, P.: On Instant Messaging Worms, Analysis and Countermeasures. In: Proc. of the 2005 ACM workshop on Rapid malcode (WORM 2005) (2005)
Microsoft, How to update your computer with the JPEG processing (GDI+) security update, http://www.microsoft.com/athome/security/update/bulletins/200409_jpeg_tool.mspx
Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the slammer worm. IEEE security and privacy 1(4), 33–39 (2003)
Murphy, G.M.: Ordinary Differential Equations and their Solutions. D. Van Nostrand Company Inc. (1960)
Symantec Internet Security Threat Report Trends for January 05-December 05, vol. VIII and IX (2005)
Wang, C., Knight, J., Elder, M.: On computer viral infection and the effect of immunization. In: Proc. of the 16th annual computer security applications conference (ACSAC 2000), New Orleans, LA (December 2000)
Wormald, N.C.: The differential equation method for random graph processes and greedy algorithms. Ann. Appl. Probab. 5, 1217–1235 (1995)
Zou, C.C., Gong, W., Towsley, D.: Code-red worm propagation modeling and analysis. In: Proc. of the 9th ACM conference on Computer and Communications Security, pp. 138–147. ACM Press, New York (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Komninos, T., Stamatiou, Y.C., Vavitsas, G. (2006). A Worm Propagation Model Based on People’s Email Acquaintance Profiles. In: Spirakis, P., Mavronicolas, M., Kontogiannis, S. (eds) Internet and Network Economics. WINE 2006. Lecture Notes in Computer Science, vol 4286. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11944874_31
Download citation
DOI: https://doi.org/10.1007/11944874_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68138-0
Online ISBN: 978-3-540-68141-0
eBook Packages: Computer ScienceComputer Science (R0)