ACT: attachment chain tracing scheme for email virus detection and control
Source: Workshop on Rapid Malcode
Proceedings of the 2004 ACM workshop on Rapid malcode
Washington DC, USA
SESSION: Session 1
Pages: 11 - 22  
Year of Publication: 2004
ISBN: 1-58113-970-5
Author
Jintao Xiong  Universidad del Turabo, Gurabo PR
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 6,   Downloads (12 Months): 48,   Citation Count: 1
DOI: http://doi.acm.org/10.1145/1029618.1029621

ABSTRACT

Modern society is highly dependent on the smooth and safe flow of information over communication and computer networks. Computer viruses and worms pose serious threats to society by disrupting the normal information flow and collecting or destroying information without authorization. Compared to the effectiveness and ease of spreading worms and viruses, currently adopted defense schemes are slow to react and costly to implement.

This paper proposes an automated email virus detection and control scheme using the attachment chain tracing (ACT) technique. Based on conventional epidemiology, ACT detects virus propagation by identifying the existence of transmission chains in the network. It uses contact tracing to find epidemiological links between hosts. A soft quarantine scheme is proposed to control virus propagation. No virus signature information is needed for detection and quarantine. We also study the effect of delayed, limited immunization on the spread of viruses. We propose a progressive immunization strategy which uses transmission chain information to guide the immunization process. Preliminary simulation experiments show that ACT is a promising scheme.

