Modeling and Analysis on the Propagation Dynamics of Modern Email Malware

Because email-based malware has posed critical security threats in recent years, modeling its propagation dynamics has become a fundamental technique for predicting potential damage and developing effective countermeasures. Compared to earlier email malware, modern email malware exhibits two new features: reinfection and self-start. Reinfection means that modern email malware sends out malware copies whenever any recipient, healthy or already infected, opens the malicious attachment. Self-start means that the malware starts to spread whenever a compromised computer restarts or certain files are visited. Several models for email malware propagation have been proposed in the literature, but they do not take these two features into account and cannot accurately model the propagation dynamics of modern email malware. To address this problem, we derive a novel analytical model based on difference equations by introducing a new concept, the virtual infected user. The proposed model can precisely represent the repetitious spreading process caused by reinfection and self-start and effectively overcomes the associated computational challenges. We perform comprehensive empirical and theoretical studies to validate the proposed analytical model. The results show that our model greatly outperforms previous models in terms of estimation accuracy.
