Summary: An Architecture for an Email Worm Prevention System
Mohamed Taibah and Ehab Al-Shaer
Multimedia Networking Research Laboratory
School of Computer Science, Telecommunications and Information Systems
DePaul University, Chicago, USA
Email: {mtaibah, ehab}@cs.depaul.edu
Abstract-- Email worms comprise the largest portion of Internet
worms today. Previous research has shown that they are an
effective vehicle to deliver malicious code to a large group of
users. These worms spread rapidly using the email infrastructure,
causing significant financial damage, network congestion,
and privacy invasion. We present a dynamic architecture to
proactively defend a protected domain against email worms.
This architecture integrates concepts from the areas of Markov
decision processes, Rabin fingerprinting and honeypots to inspect,
detect, and quarantine unknown email worms in a timely manner.
We also present the results of several simulation experiments
to evaluate the effectiveness of the architecture under different
environment conditions.
I. INTRODUCTION