Coping with Instant Messaging Worms - Statistical Modeling and Analysis

Due to the real time nature and presence information of instant messaging (IM) system, worms spread over IM networks more rapidly than Internet/E-mail worms. Modeling is an indispensable process for coping with them. Most of existing worm modeling techniques are based on deterministic biological epidemiology. Epidemic models only capture the expected worm behavior quantitatively and may not be adequate to model the early phase of worm propagation when the number of infected hosts is small. In this paper, we present a statistical branching process for modeling IM worms. By introducing stochastic variables for user response time in IM worm modeling, we are able to conduct more accurate and sophisticated analysis of worm's behaviors, especially for the early phase of worm propagation. The analysis provides a guideline on how to defend against IM worms.

[1]  Mark Coates,et al.  Epidemiological Modelling of Peer-to-Peer Viruses and Pollution , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[2]  Jeffrey O. Kephart,et al.  Measuring and modeling computer virus prevalence , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[4]  J. Kingman A FIRST COURSE IN STOCHASTIC PROCESSES , 1967 .

[5]  James Moody,et al.  Peer influence groups: identifying dense clusters in large networks , 2001, Soc. Networks.

[6]  Andrew Byde,et al.  Virus Throttling for Instant Messaging , 2004 .

[7]  Mohammad Mannan Secure Public Instant Messaging: A Survey † , 2004 .

[8]  Saurabh Bagchi,et al.  Modeling and automated containment of worms , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[9]  David Lee,et al.  Defending against Instant Messaging Worms , 2006 .

[10]  Saurabh Bagchi,et al.  Modeling and Automated Containment of Worms , 2008, IEEE Trans. Dependable Secur. Comput..

[11]  Edward S. K. Chien,et al.  Malicious threats and vulnerabilities in instant messaging , 2003 .

[12]  Paul C. van Oorschot,et al.  On instant messaging worms, analysis and countermeasures , 2005, WORM '05.

[13]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[14]  Donald F. Towsley,et al.  Modeling malware spreading dynamics , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[15]  Stephanie Forrest,et al.  Email networks and the spread of computer viruses. , 2002, Physical review. E, Statistical, nonlinear, and soft matter physics.

[16]  Donald F. Towsley,et al.  Email worm modeling and defense , 2004, Proceedings. 13th International Conference on Computer Communications and Networks (IEEE Cat. No.04EX969).

[17]  Reginald D. Smith Instant Messaging as a Scale-Free Network , 2002 .