An Architecture for an Email Worm Prevention System

Mohamed Mahmoud  Taibah; Ehab Al-Shaer; Raouf  Boutaba

2nd International ICST Conference on Security and Privacy in Comunication Networks

Research Article

An Architecture for an Email Worm Prevention System

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1109/SECCOMW.2006.359559,
    author={Mohamed Mahmoud  Taibah and Ehab Al-Shaer and Raouf  Boutaba},
    title={An Architecture for an Email Worm Prevention System},
    proceedings={2nd International ICST Conference on Security and Privacy in Comunication Networks},
    publisher={IEEE},
    proceedings_a={SECURECOMM},
    year={2007},
    month={5},
    keywords={},
    doi={10.1109/SECCOMW.2006.359559}
}

Mohamed Mahmoud Taibah
Ehab Al-Shaer
Raouf Boutaba
Year: 2007
An Architecture for an Email Worm Prevention System
SECURECOMM
IEEE
DOI: 10.1109/SECCOMW.2006.359559

Mohamed Mahmoud Taibah¹^,*, Ehab Al-Shaer¹^,*, Raouf Boutaba²^,*

1: School of Computer Science, DePaul University, Chicago, USA
2: School of Computer Science, University of Waterloo, Canada

*Contact email: mtaibah@cs.depaul.edu, ehab@cs.depaul.edu, rboutaba@uwaterloo.ca

Abstract

Email worms comprise the largest portion of Internet worms today. Previous research has shown that they are an effective vehicle to deliver malicious code to a large group of users. These worms spread rapidly using the email infrastructure, causing significant financial damage, network congestion, and privacy invasion. We present a dynamic architecture to proactively defend a protected domain against email worms. This architecture integrates concepts from the areas of Markov decision processes, Rabin fingerprinting and honeypots to inspect, detect, and quarantine unknown email worms in a timely manner. We also present the results of several simulation experiments to evaluate the effectiveness of the architecture under different environment conditions

Published: 2007-05-15
Publisher: IEEE

: http://dx.doi.org/10.1109/SECCOMW.2006.359559