
Research Article
An Architecture for an Email Worm Prevention System
@INPROCEEDINGS{10.1109/SECCOMW.2006.359559, author={Mohamed Mahmoud Taibah and Ehab Al-Shaer and Raouf Boutaba}, title={An Architecture for an Email Worm Prevention System}, proceedings={2nd International ICST Conference on Security and Privacy in Comunication Networks}, publisher={IEEE}, proceedings_a={SECURECOMM}, year={2007}, month={5}, keywords={}, doi={10.1109/SECCOMW.2006.359559} }
- Mohamed Mahmoud Taibah
Ehab Al-Shaer
Raouf Boutaba
Year: 2007
An Architecture for an Email Worm Prevention System
SECURECOMM
IEEE
DOI: 10.1109/SECCOMW.2006.359559
Abstract
Email worms comprise the largest portion of Internet worms today. Previous research has shown that they are an effective vehicle to deliver malicious code to a large group of users. These worms spread rapidly using the email infrastructure, causing significant financial damage, network congestion, and privacy invasion. We present a dynamic architecture to proactively defend a protected domain against email worms. This architecture integrates concepts from the areas of Markov decision processes, Rabin fingerprinting and honeypots to inspect, detect, and quarantine unknown email worms in a timely manner. We also present the results of several simulation experiments to evaluate the effectiveness of the architecture under different environment conditions