
ACT: Attachment Chain Tracing Scheme for Email Virus Detection and Control

We often don't post much about mass mailers here, but then again I haven't found too much interesting research in that area. This paper looks quite interesting.

Modern society is highly dependent on the smooth and safe flow of information over communication and computer networks. Computer viruses and worms pose serious threats to the society by disrupting the normal information flow and collecting or destroying information without authorization. Compared to the effectiveness and ease of spreading worms and viruses, currently adopted defense schemes are slow to react and costly to implement.

This paper proposes an automated email virus detection and control scheme using attachment chain tracing (ACT) technique. Based on conventional epidemiology, ACT detects virus propagation by identifying the existence of transmission chains in the network. It uses contact tracing to find epidemiological links between hosts. A soft quarantine scheme is proposed to control virus propagation. No virus signature information is needed for detection and quarantine. We also study the effect of delayed, limited immunization on the spread of viruses. We propose a progressive immunization strategy which uses transmission chain information to guide immunization process. Preliminary simulation experiments show that ACT is a promising scheme.

Source: ACT: Attachment Chain Tracing Scheme for Email Virus Detection and Control, Jintao Xiong.
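A simplified illustration of the chain-tracing idea in the abstract, added here and not taken from the paper: a host that sends an attachment shortly after receiving one is linked to the host it received from, and a chain that reaches a set length is flagged without looking at the attachment content. The log format, the `window` and `threshold` values, and the linking rule itself are assumptions made for this example.

```python
# Constructed sample mail log: (time_seconds, sender, recipient, has_attachment)
SAMPLE_LOG = [
    (0,    "alice", "bob",   True),
    (40,   "bob",   "carol", True),
    (45,   "bob",   "dave",  True),
    (90,   "carol", "erin",  True),
    (100,  "frank", "grace", True),   # grace does not forward in time
    (120,  "dave",  "alice", False),  # no attachment, ignored
    (5000, "grace", "heidi", True),   # too late to link back to frank
]


def trace_chains(log, window=600, threshold=3):
    """Link hosts into attachment transmission chains.

    Assumed rule: if a host sends an attachment within `window` seconds of
    receiving one, it becomes a child of the host it received from. A chain
    of `threshold` or more sending hosts is treated as suspected propagation.
    Returns (depth per sending host, set of hosts on flagged chains).
    """
    depth, parent, last_rx = {}, {}, {}
    suspects = set()
    for t, src, dst, has_att in sorted(log):
        if not has_att:
            continue
        if src not in depth:
            rx = last_rx.get(src)  # (time, sender) of latest attachment received
            if rx and t - rx[0] <= window:
                parent[src] = rx[1]
                depth[src] = depth[rx[1]] + 1
            else:
                depth[src] = 1  # start of a new potential chain
        if depth[src] >= threshold:
            node = src
            while node is not None:  # walk the chain back to its root
                suspects.add(node)
                node = parent.get(node)
        last_rx[dst] = (t, src)
    return depth, suspects


if __name__ == "__main__":
    depth, suspects = trace_chains(SAMPLE_LOG)
    print("chain depth per sender:", depth)
    print("hosts on flagged chains:", sorted(suspects))
```

Hosts in the returned set are the candidates a quarantine step would act on; what the paper's soft quarantine does to them is not described in the abstract.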

July 26, 2005 in detection, mass mailers, papers | Permalink

Comments

It was also very nicely written.

Posted by: Stefan Savage | Jul 26, 2005 7:31:31 PM
