A study of mass-mailing worms

Mass-mailing worms have made a significant impact on the Internet. These worms consume valuable network resources and can also be used as a vehicle for DDoS attacks. In this paper, we analyze network traffic traces collected from a college campus and present an in-depth study on the effects of two mass-mailing worms, SoBig and MyDoom, on outgoing traffic. Rather than proposing a defense strategy, we focus on studying the fundamental behavior and characteristics of these worms. This analysis lends insight into the possibilities and challenges of automatically detecting, suppressing and stopping mass-mailing worm propagation in an enterprise network environment.
