Design, implementation and test of an email virus throttle

1 January 2003

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 76-85
https://doi.org/10.1109/csac.2003.1254312

Abstract

We present an approach to preventing the damage caused by viruses that travel via email. The approach prevents an infected machine spreading the virus further. This directly addresses the two ways that viruses cause damage: less machines spreading the virus will reduce the number of machines infected and reduce the traffic generated by the virus. The approach relies on the observation that normal entailing behaviour is quite different from the behaviour of a spreading virus, with the virus sending messages at a much higher rate, to different addresses. To limit propagation a rate-limiter or virus throttle is described that does not affect normal traffic, but quickly slows and stops viral traffic. We include an analysis of normal emailing behaviour, and details of the throttle design. In addition an implementation is described and tested with real viruses, showing that the approach is practical.

Keywords

This publication has 7 references indexed in Scilit:

Resilient infrastructure for network security
Complexity, 2003
Protecting data from malicious software
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
Throttling viruses: restricting propagation to defeat malicious mobile code
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
When Can I Expect an Email Response? A Study of Rhythms in Email Usage
Published by Springer Nature ,2003
Disarming offense to facilitate defense
Published by Association for Computing Machinery (ACM) ,2001
SMTP Service Extension for Authentication
Published by RFC Editor ,1999
Simple Mail Transfer Protocol
Published by RFC Editor ,1982