The International Arab Journal of Information Technology (IAJIT)

..............................
..............................
..............................


Simulating Email Worm Propagation Based on Social Network and User Behavior

Email worms pose a significant security threat to organizations and computer users today. Because they propagate over a logical network, the traditional epidemic model is unsuitable for modeling their propagation over the internet. However, it is no doubt that accurate modeling the propagation of email worms is helpful to contain th9eir attacks in advance. This paper presents a novel email worms’ propagation model, which is based on a directed and weighted social network. Moreover, the effects of user’s behavior are also considered in this model. To the author’s knowledge, there is little information available considering the effects of them in modeling their propagation. A simulation algorithm is designed for verifying the effectiveness of the presented model. The results show that the presented model can describe the propagation of email worms accurately. Through simulating different containing strategies, we demonstrate that the infected key nodes in email social community can speed up the worm propagating. Last, a new General Susceptible Infectious Susceptible (G-SIS) email worm model is presented, which can predict the propagation scale of email worms accurately.


[1] Abdulla S., Ramadass S., Altaher A., and Al-Nassiri A., “Employing Machine Learning Algorithms to Detect Unknown Scanning and Email Worms,” The International Arab Journal of Information Technology, vol. 11, no. 2, pp. 140-148, 2014.

[2] A Study of Mass-mailing Worms, http://www.cert.org/incident_notes/IN-2004-01.h tml, Last Visited, 2004.

[3] Barrat A., Barthelemy M., and Vespignani A., “Weighted Evolving Networks: Coupling Topology and Weighted Dynamics,” Physical Review Letters, vol. 92, no. 22, pp. 22870-1-22870-4, 2004.

[4] Batagel V. and Mrvar A., “Pajek Program for Large Network Analysis,” Connections, vol. 21, no. 2, pp. 47-57, 1998.

[5] Chen Z., Gao L., and Kwiat K., “Modeling the Spread of Active Worms,” in Proceedings of IEEE INFOCOM 22nd Annual Joint Conference of the IEEE Computer and Communications Societies, San Francisco, pp. 1890-1900, 2003.

[6] Frequently Asked Questions about the Melissa Virus, http://www.cert.org/incident_notes/IN-2003-03.h tml, Last Visited, 2003.

[7] Gang Y., Tao Z., Jie W., Zhong-Qian F., and Bing-Hong W., “Epidemic Spread in Weighted Scale-Free Networks,” Chinese Physics Letters, vol. 22, no. 2, pp. 510-513, 2005.

[8] Hayashi Y., Minoura M., and Matsukubo J., “Oscillatory Epidemic Prevalence in Growing Scale-Free Networks,” Physical Review E, vol. 69, pp. 161121-161128, 2004.

[9] Kephart J. and White S., “Directed-Graph Epidemiological Models of Computer Viruses,” in Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 343-359, 1991.

[10] Kephart J., White S., and Chess D., “Computers and Epidemiology,” IEEE Spectrum, vol. 30, no. 5, pp. 20-26, 1993.

[11] Kesidis G., Hamadeh I., and Jiwasurat S., “Coupled Kermackmckendrick Models for Randomly Scanning and Bandwidth-Saturating Internet Worms,” in Proceedings of the 3rd International Conference on Quality of Service in Multiservice IP Networks, Catania, pp. 101-109, 2005.

[12] Kim K., Lee H., Hong J., Cho M., Fava M., Mischoulon D., Kim D., and Jeon H., “Poor Sleep Quality and Suicide Attempt Among Adults with Internet Addiction: A Nationwide Community Sample of Korea,” PlOS One, vol. 12, no. 4, pp. 1-13, 2017.

[13] Klimt B. and Yang Y., “Introducing the Enron Corpus,” in Proceedings of the CEAS, Mountain View, pp. 1-2, 2004.

[14] Massa F., “Guardians of the Internet: Building and Sustaining the Anonymous Online Community,” Organization Studies, vol. 38, no. 7, pp. 959-988, 2017.

[15] Moore D. and Shannon C., “CAIDA: The nyxem email virus: analysis and inferences

[EB/OL],” http://www.caida.org, Last Visited, 2004.

[16] Newman M., “The Structure and Function of Complex Networks,” SIAM Review, vol. 45, no. 2, pp.167-256, 2003.

[17] Sheng W., Wei Z., Jun Z., Yang X., Wanlei Z., Weijia J., and Cliff Z., “Modeling and Analysis on the Propagation Dynamics of Modern Email Malware,” IEEE Transactions on Dependable and Secure Computing, vo. 11, no. 4, pp. 361-374, 2013.

[18] Sneha S. and Swapna P., “Analyze and Prevent Modern Email Malware Propagation Using Sell Model,” IIOAB Journal, vol. 7, no. 9, pp. 696-702, 2016.

[19] U.S. Department of Homeland Security Announces Partnership with Carnegie Mellon’s CERT Coordination Center. http://securityresponse.symantec.com/avcenter/ve nc/data/w32.beagle.f@mm.html, Last Visited, 2004.

[20] Wang Y., Wen S., Xiang Y., and Zhou W., “Model the Propagation of Worms in Networks: A Survey,” IEEE Communications Survey and Tutorials, vol. 16, no. 2, pp. 942-960, 2014.

[21] Wang Y. and Wang C., “Modeling the Effects of Timing Parameters on Virus Propagation,” in Proceedings of ACM Workshop on Rapid Malcode, Washington, pp. 61-66, 2003.

[22] Wang Y., Ji-Wu J., Ji X., and Qi L., “Topology Aware Worm Simulation and Analysis,” Journal Simulating Email Worm Propagation Based on Social Network and User Behavior 861 of Software, vol. 19, no. 6, pp. 1508-1518, 2008.

[23] Yang S., Jin H., Liao X., and Liu S., “Modeling Modern Social-Network-Based Epidemics: A Case Study of Rose,” in Proceedings of International Conference on Autonomic and Trusted Computing, Oslo, pp. 302-315, 2008.

[24] Zou C., Gao L., Gong W., and Towsley D., “Monitoring and Early Warning for Internet Worms,” in Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, pp. 190-199, 2003.

[25] Zou C., Gong W., and Towsley D., “Code Red Worm Propagation Modeling and Analysis,” in Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, pp. 138-147, 2002.

[26] Zou C., Towsley D., and Gong W., “Modeling and Simulation Study of the Propagation and Defense of Internet Email Worm,” IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 2, pp. 105-118, 2007. Kexin Yin received Ph.D. degree from Changchun University of Science and Technology in 2008. She is professor of computer science and engineering in Changchun University of Technology. Her areas of interests are machine learning, image processing and network security. Wanglong Li received M.S. degree from Jilin University in 2002. He is professor of computer science and engineering in Changchun University of Technology. His areas of interests are computer network. Ming Hu received Ph.D. degree from Jilin University in 2005. He is professor and present of Changchun Institute of Technology. His areas of interests are artificial intelligence and data mining. Jianqi Zhu received Ph.D. degree from Jilin University in 2009. He is professor of computer science and technology of Jilin University. His areas of interests are network security, machine learning and data mining.