PDL Abstract

A Study of Mass-mailing Worms

WORM’04, October 29, 2004, Washington, DC, USA.

Cynthia Wong, Stan Bielski, Jonathan M. McCune, Chenxi Wang

Dept. Electrical and Computer Engineering
Carnegie Mellon University

Mass-mailing worms have made a significant impact on the Internet. These worms consume valuable network resources and can also be used as a vehicle for DDoS attacks. In this paper, we analyze network traffic traces collected from a college campus and present an in-depth study on the effects of two mass-mailing worms, SoBig and MyDoom, on outgoing traffic. Rather than proposing a defense strategy, we focus on studying the fundamental behavior and characteristics of these worms. This analysis lends insight into the possibilities and challenges of automatically detecting, suppressing and stopping mass-mailing worm propagation in an enterprise network environment.

KEYWORDS: Internet Worms, Network Security, Traffic Analysis