Mobile phones and personal digital assistants are becoming increasingly important in our daily life since they enable us to access a large variety of ubiquitous services. Mobile networks, formed by the connection of mobile devices following some relationships among mobile users, provide good platforms for mobile virus spread. Quick
and efficient security patch dissemination strategy is necessary for the update of antivirus software so that it can detect mobile virus, especially the new virus under the wireless mobile network environment with limited bandwidth which is also large scale, decentralized, dynamically evolving, and of unknown network topology. In this paper, we propose an efficient semi autonomy-oriented computing (SAOC) based patch dissemination strategy to restrain the mobile virus. In this strategy, some entities are deployed in a mobile network to search for mobile devices according to some specific rules and with the assistance of a center. Through experiments involving both real-world networks and dynamically evolving networks, we demonstrate that the proposed strategy can effectively send security patches to as many mobile devices as possible at a considerable speed and lower cost in the mobile network. It is a reasonable, effective, and secure
method to reduce the damages mobile viruses may cause.
1. Introduction
The last decade has witnessed a surge of wireless mobile devices such as mobile phones, PocketPCs, netbooks, and tablet PCs. With the appearance and development of intelligent operating system, mobile devices are getting smarter and more functional. For example, they can connect to the Internet, receive and send emails and short messages (SMS)/multimedia messages (MMS), and connect to other devices for exchanging information and activating various applications. Meanwhile, these mobile devices also become the ideal targets of mobile virus because they are popular, designed to be open, programmable, and, general of purpose, and highly dependent on common software platforms such as Android, Symbian, Windows Mobile, and Linux.
Mobile networks, formed by the connection of mobile devices following some relationships among mobile users, provide good platforms for mobile virus spread. For example, an MMS-based worm named “Commwarrior” (http://www.f-secure.com/v-descs/commwarrior.shtml) can spread in MMS network which is formed based on the social relationships among mobile users. And a Bluetooth-based worm named “Cabir” (http://www.f-secure.com/v-descs/cabir.shtml) can spread in Bluetooth network which is formed according to the geographically positions of mobile devices. There have been extensive studies on modeling the virus/epidemic propagation [1–6] in complex networks which can be used to estimate the scale of a virus/epidemic outbreak before it actually occurs and evaluate the effect of new or improved countermeasures in restraining virus/epidemic propagation. And based on these studies, many network immunization strategies [7–10] have been proposed for restraining virus propagation by selectively immunizing some nodes based on the measurements of degree or betweenness. But it would be difficult for these strategies to deal with large-scale, decentralized, and dynamic mobile networks. Intrusion detection technology [11] is another straight and effective means for the containment of mobile virus. However, the detection capabilities of most antivirus software are depend on the existence of an updated virus signature repository. Antivirus users are not protected whenever an attacker spreads a previously never encountered virus. In order to protect the mobile phones from the damage of new virus, service providers or security companies need to quickly identify the new virus, generate a signature, and disseminate patches to smart phones. Currently, most researches have been done on intrusion detection [11–13] and patch generation [14–16], while this paper aims to study the dissemination [17–20] of security patch in the wireless mobile network environment.
Due to the limited bandwidth of wireless networks, it is difficult to disseminate the security patches to all phones simultaneously and timely. And since the mobile network is always large-scale, decentralized, dynamically, and of unknown network topology, good patch dissemination strategy is necessary. Some strategies attempt to forward security notifications or patches based on the short-range communication capabilities of intermittently connected phones [17, 18]. These strategies select some important phones that can divide a Bluetooth-based network into different communities based on the contact time and frequency. Thereafter, they send security signatures to all communities based on the local detection. However, this method cannot ensure that users acquire patches in time. References [20, 21] presented a quick and efficient autonomy-oriented computing (AOC) [22, 23] based patch dissemination strategy, based on SMS that can be used in multiple forms of mobile network. But, this strategy still has the following deficiencies: (1) the number of patches disseminated is not determined at a time step. Especially, there may be many patches disseminated at the initial stage which can potentially cause network congestion [24, 25]; (2) a phone may receive the same patch from different neighbors more than once which may lead to network congestion and the waste of network resource. Therefore, it is still in high demand to develop a new strategy that can efficiently and quickly send security patches to as many phones as possible in the mobile network.
In this paper, we propose a patch dissemination strategy based on semi autonomy-oriented computing (SAOC) to restrain the mobile virus. For the AOC-based strategy, certain entities reside in some phones in the mobile network. They autonomously work with each other and move in the network based on their own autonomous behaviors. But in our SAOC-based strategy, a center is added to the AOC-based strategy to combine and analyze the information received from the entities. At each time step, each entity moves to the next location according to its own autonomous behavior and the information feedbacked from the center. Through many experiments involving both synthetic and real-world networks, we find that the proposed SAOC-based strategy can quickly send security patches to as many phones as possible in the mobile network with limited bandwidth which is also large-scale, decentralized, dynamically, and of unknown network topology. Besides, it can control the number of patches disseminated at each time step and make adjustment according to the network conditions. The selected phones, which receive the patches, are always the most important ones of the phones found by the entities at each time step for the virus propagation, and thus the virus propagation can be effectively restrained. The network congestion and the waste of the network resources can also be avoided because each phone receives the patch only once.
2. SAOC-Based Patch Dissemination Strategy
SMS/MMS messages and Bluetooth are becoming the two major propagation routes of mobile virus. Since SMS-based viruses are found more dangerous than Bluetooth-based viruses in terms of propagation speed and scope [20], we propose a semi autonomy-oriented computing (SAOC) based patch dissemination strategy to restrain the SMS-based virus propagation in this paper. For the autonomy-oriented computing (AOC) approach [20, 26], a group of computational entities are dispatched into a mobile network. They reside in some phones, autonomously work with each other, move from one phone to another, and update their local environment based on their own autonomous behaviors. However, in our SAOC-based approach, the entities no longer work full autonomously and a center is added to help the entities finish their tasks. At each time step, the center is responsible for combining and analyzing the information received from the entities, and each entity moves from its present position to a new one according to some rules, the information feedbacked from the center and the cooperation with other entities. We use a graph G to denote the mobile phones network formed according to the address books of mobile phones. Some definitions which are used to formulate the SAOC-based dissemination strategy are as follows.
Definition 1.
A graph G=〈V,L〉 is a mobile network formed according to the address books of mobile phones, where V={v1,v2,…,vN} is a set of phones and L={〈vi,vj〉|1≤i,j≤N,i≠j} is a set of undirected links (if vi is in the address book of vj, then there is a link between vi and vj, and vi is called a friend of vj). N=|V| represents the total number of phones in the network.
Each phone vi in G has two states 〈phoneId,allfriendIds〉, where phoneId denotes the identifier of vi and friendId is the identifier of the friend of vi.
Definition 2.
The center, denoted by C, contains two states 〈id,task〉, where id denotes its identifier and task stores a series of its tasks.
Definition 3.
Let e be an entity in a network G. Entity e is represented by a tuple 〈id,phoneId,allfriendIds,lifecycle,rule〉, where id denotes the identifier of the entity; phoneId represents the identifier of the phone resided by e; friendId is the identifier of the friend of the resided phone; lifecycle is the maximum time steps for an entity to reside on a phone; and rule is a set which stores four local behaviors of an entity, including rational-move, rational-jump, random-jump, and wait.
Definition 4.
The local environment and prelocal information of an entity are denoted by El and preIl, respectively. If an entity e resides on phone vi, its local environment and prelocal information are defined as El(e)={vi;{vj}} and preIl(e)={vi′sid&vi′sallfriendIds;{vj′sid&vj′sallfriendIds}} respectively, where {vj} is the set of friends of vi.
Definition 5.
Remain degree of a phone denotes the number of friends who have not received the patches of a phone. A phone is regarded as its own friend.
At each time step, each entity sends its prelocal information searched in its local environment to the center. The center combines and analyzes the information received from all entities according to its task, and shares the analysis results which are called the postlocal information postIl(e) with each entity e, where postIl(e)={vi′sid&vi′sremaindegree;{vj′sid&vj′sremaindegree}}, {vj} is the set of friends of vi resided by e. If two phones resided by two entities are friends or they have at least a same friend, we assume that these two entities can share their postlocal information. Each entity then moves to the next location (targetId) according to its rule. Algorithm 1 shows the detailed process of SAOC-based patch dissemination strategy.
Algorithm 1: The process of SAOC-based patch dissemination strategy.
(1)For each entity e
search the local environment El(e) and obtain pre-local information preIl(e);
send preIl(e) to the center;
End
(2)For center C
perform a series of task according to its task;
End
(3)For each entity e
compute targetId based on the post-local information or the shared post-local information;
If targetId is not null Then
Rational move to targetId;
Else if e.lifecycle < 1 Then
request the center a targetId;
If receive a targetId Then
Rational jump to targetId;
Else if not receive a targetId Then
Random jump to targetId;
Else
Wait;
End
End
The task of the center includes the following.
Delete the friendIds who have received the patches from each phone’s allfriendIds in all the prelocal information.
Compute each phone’s remain degree and send the security patches to the first m phones with the highest-remain degree. (Therefore, the number of patches disseminated at each time step is controllable that can be adjusted according to the network conditions.) And record the ids of the phones who just received the patches.
Delete the new patched friendIds from each phone’s allfriendIds and compute each phone’s new remain degree.
Send the postlocal information to the entity.
The main behaviors of each entity are as follows.
Rational move: An entity moves to a phone with the highest-remain degree in its postlocal information or the shared postlocal information if it exists. If there exists more than one highest-remain degree phone, the entity will randomly choose one for residing in.
Rational jump: the entity requests from the center a phone for residing in, if such phone exists.
Random jump: an entity moves along the edges with a randomly-determined number of steps in order to avoid getting stuck in local optima.
Wait: If an entity does not find any available phone for residing in, it will stay at its current position.
For example, as shown in Figure 1, two entities e1 and e2 reside in phones v5 and v6 at the initial phase of step 1, respectively. e1 and e2 begin to search their local environments and obtain the prelocal information as:
(1)preIl(e1)={v5&v5,v4;{v4&v4,v1,v2,v5,v7,v8}},preIl(e2)={v6&v6,v7,v9,v10;{v7&v7,v4,v6,v8,v10;v9&v9,v6,v10,v12;v10&v10,v6,v7,v8,v9,v11,v12}}.
When receiving preIl(e1) and preIl(e2), the center firstly deletes the phones’ id that has been immunized from each phones’ friendIds and computes the remain degree of each phone. Since there are no phones have been immunized, the remain degree of each phone will be {v4&6;v5&2;v6&4;v7&5;v9&4;v10&7}. In this moment, the center sends the security patches to the first 5 unimmunized phones (in this example, we assume that no more than m=5 phones are immunized at each time step) with highest-remain degree, that is, {v4,v6,v7,v9,v10}, and deletes these phones’ id from each phones’ friendIds and computes the new remain degree of each phone. The new remain degree will be sent to entities as their postlocal information, that is, postIl(e1)={v5&1;{v4&4}} and postIl(e2)={v6&0;{v7&1;v9&1;v10&3}}. When receiving the postlocal information, each entity will move to the phone which has the highest-remain degree in its postlocal information. Therefore, e1 and e2 move from v5 to v4 and from v6 to v10, respectively. In this step, these two entities perform the rational move relying on their own postlocal information. Step 2 will show the case of the movement of the entities relying on the shared postlocal information. In step 2, when e1 and e2 receive postIl(e1) and postIl(e2) from the center, they can share their postlocal information with each other since they have the mutual friends v7 and v8. postIl(e1), postIl(e2) and the shared postlocal information are as follows:
(2)postIl(e1)={v4&1;{v1&0;v2&1;v5&1;v7&0;v8&0}},postIl(e2)={v10&0;{v6&0;v7&0;v8&0;v9&0;v11&0;v12&0}},postIl(e1)∪postIl(e2)={v1&0;v2&1;v4&1;v5&1;v6&0;v7&0;v8&0;v9&0;v10&0;v11&0;v12&0}.
An example of the SAOC-based patch dissemination strategy.
e1 and e2 will choose the first two phones with the highest-remain degree in the shared postlocal information as their target locations. Note that there are three phones can be resided and e1 is residing in one of the highest-remain degree phone. In this case, we let e1 continue from moving. Therefore, e1 and e2 move from v4 to v5 and v10 to v2, respectively. Table 1 presents the detailed patch dissemination process of Figure 1 based on our SAOC-based patch dissemination strategy.
The detailed process of Figure 1 based on SAOC-based patch dissemination strategy.
In the analytical information vi&vj1,…,vjk&n1&n2 of the center, vi is the identifier of a phone, vj1,…,vjk the friends of vi, n1 the first computed remain degree of vi, and n2 the second computed remain degree of vi. The identifiers in red indicate the phones that have received the patches in the previous steps. The identifiers in blue indicate the phones that will receive the patches in the current step. The no more than 5 red numbers in each step refers to the unimmunized phones with the highest-first computed remain degree.
3. Experimentation and Validation3.1. Static Networks
A mobile network is constructed based on the address books of smart phones, which reflects the social relationship among mobile users in real world situations. Here, we use some benchmark networks (university email network, autonomous systems network, and collaboration network) to reflect the relationship structures in the real world. Table 2 shows the structure and degree of four networks. University email network [27], autonomous systems network [28], and collaboration network of Arxiv High Energy Physics category [29] are real-world networks. Community-based network is a synthetic network with four communities based on the GLP algorithm [30].
The structures of networks.
Nodes
Edges
〈k〉
University email network
1133
5451
9.62
Community-based network
4000
16855
8.42
Autonomous systems network
11080
31538
5.69
Collaboration network
12008
237010
39.47
We use the four networks shown in Table 2 to evaluate the efficiency of the proposed SAOC-based patch dissemination strategy in restraining the SMS-based virus. For the SMS-based virus propagation model, we assume the following.
If a user receives a message from his friend, he may open or delete this message determined by his security awareness [20, 31, 32]. The security awareness of different users in this paper is consistent with that used by [20] and follows a normal distribution, N(0.5,0.32).
If a user opens a virus message, he is infected and will automatically send the virus message to all his friends.
An infected phone sends the virus to his friends only once, after which the infected phone will not send out virus any more.
If a phone has received the patch, it will not send out virus even if the user opens an infected message again.
At some point, we deploy a few entities into a mobile network. These entities reside in the phones with the highest degree which are found by the AOC-based immunization strategy [26]. Each entity then moves according to Algorithm 1. We compare the efficiency of our SAOC-based dissemination strategy with the AOC-based dissemination strategy [20] by different indexes in the above static benchmark networks.
Figure 2 shows the average numbers of infected phones over time when 5 and 10 entities are deployed into the networks from the time step of 50. At each time step, no more than m patches can be sent in SAOC-based strategy that is, up to m phones can be immunized at each time step in SAOC-based strategy. Obviously, the earlier and the more the patch is disseminated, the shorter the propagation duration will be. Figure 3 shows the average number of immunized phones over time when the entities are deployed into the networks from 50. Since we set a limit on the size of m to avoid the network congestion, the effect of SAOC-based strategy is inferior to the AOC-based one at the initial phase after the deploying of the entities when m is small. But simulation results show that the SAOC-based strategy can recover all the infected phones and immune all the phones faster than the AOC-based one even if m is relatively small. Figure 4 shows the number of the patches disseminated at each time step. We find that the number of the patches disseminated at each time step in AOC-based strategy is much more than that of the SAOC-based one. Figure 4 also shows the main inadequacies of AOC-based strategy; that is, too many patches are sent at certain times which may lead to network congestion and a phone may receive the patch from different neighbors more than once which causes the waste of network resources. However, in our SAOC-based strategy, the number of patches disseminated at each time step is controllable that can be adjusted according to the network conditions, and a phone receives the patch only once.
The number of infected phones over time.
University email network
Community-based network
Autonomous systems network
Collaboration network
The number of immunized phones over time.
University email network
Community-based network
Autonomous systems network
Collaboration network
The number of patches over time.
University email network
Community-based network
Autonomous systems network
Collaboration network
Figures 5 and 6 show the average number of steps of each entity and the total number of patches disseminated corresponding to the coverage rate, respectively. The coverage rate is defined as Nimmunized/N, where Nimmunized represents the total number of immunized phones that are patched by the center and N represents the total number of phones in the network. In Figure 5, each entity in SAOC-based strategy needs to move a bit more steps than that in the AOC-based strategy when the coverage rate is small due to the limitation on m. But in the case of achieving a significant amount of coverage rate, the number of steps of each entity needed to move is much smaller in SAOC-based strategy than that in AOC-based strategy. In Figure 6, we can see that the total number of patches disseminated is much smaller in SAOC-based strategy than in AOC-based strategy to attain the same coverage rate.
The average of each entity steps with respect to coverage rate.
University email network
Community-based network
Autonomous systems network
Collaboration network
The number of patches with respect to coverage rate.
University email network
Community-based network
Autonomous systems network
Collaboration network
From the simulations performed above, we can see that the SAOC-based dissemination strategy can efficiently send security patches to as many phones as possible with considerable speed and relatively lower cost in the static networks.
3.2. Dynamically Evolving Networks
In this section, we evaluate the efficiency of SAOC-based dissemination strategy in dynamically evolving networks since the structure of a network is changing in the real world. We assume that the initial network contains 1000 phones with 〈k〉=8. Three different patterns of network evolving are considered as follows: (1) the network scale will grow to 4000; (2) 50 or 100 phones are added into the network at each step from the time step of 20; (3) the network degree, 〈k〉, will remain unchanged or change from 8 to 18, respectively. We use the SIR [33–35] model to characterize the SMS-based virus propagation in dynamically evolving networks. SIR is the most basic and well-studied epidemic spreading model. In the SIR model, the elements of a network are divided into three compartments, including susceptibles (S, those who can contract the infection), infectious (I, those who have contracted the infection and are contagious), and recovered (R, those who have recovered from the disease). At each time step, we assume that a susceptible phone becomes infected with a probability λ if it is directly connected to an infected phone. Meanwhile, if an infected phone receives the patch, it will become to be recovered from the infected state.
Simulation results shown in Figure 7 indicate that when selecting the appropriate number of patches disseminated at each time step, our SAOC-based strategy can send security patches to as many phones as possible and reduce the damages of mobile virus in the dynamically evolving networks with various complex evolving patterns.
The number of infected phones over time in different dynamicin-evolving networks. (a) 50 phones are added into the network at each step, and the average degree 〈k〉 maintains 8; (b) 50 phones are added into the network at each step, and the average degree 〈k〉 increases from 8 to 18; (c) 100 phones are added into the network at each step, and the average degree 〈k〉 maintains 8; (d) 100 phones are added into the network at each step, and the average degree 〈k〉 increases from 8 to 18.
4. Conclusion
In this paper, we propose an efficient SAOC-based patch dissemination strategy to restrain the SMS-based mobile virus. The advantages of our SAOC-based strategy could be described as follows:
it sends security patches to as many phones as possible at a considerable speed and lower cost in the mobile network with limited bandwidth which is also large-scale, decentralized, dynamically evolving, and of unknown network topology;
it can control the number of patches disseminated at each time step and make adjustment according to the network conditions. Thus the network congestion can be avoided;
the selected phones which receive the patches are always the most important ones of the phones found by the entities at each time step for the virus propagation, and thus the virus propagation can be effectively restrained;
each phone receives the patch only once, which is beneficial to avoiding the network congestion and the waste of network resource.
In summary, the SAOC-based patch dissemination strategy is a reasonable, effective, and secure method to send security patches in mobile networks and reduce the damages mobile viruses cause.
Acknowledgments
This paper was supported by the National Natural Science Foundation of China (Grant nos. 61202362, 61070209, 61121061, and 61272402), the Asia Foresight Program under NSFC Grant (Grant no. 61161140320), and the Specialized Research Fund for the Doctoral Program of Higher Education (Grant no. 20120005110017).
WangP.GonzálezM. C.HidalgoC. A.BarabasiA.-L.Understanding the spreading patterns of mobile phone viruses20093245930107110762-s2.0-6634913193210.1126/science.1167053ChengS.-M.AoW. C.ChenP.-Y.ChenK.-C.On modeling malware propagation in generalized social networks201115125272-s2.0-7955168043310.1109/LCOMM.2010.01.100830YanG.EidenbenzS.Modeling propagation dynamics of bluetooth worms (Extended version)2009833533672-s2.0-5884914157110.1109/TMC.2008.129DeP.LiuY.DasS. K.An epidemic theoretic framework for vulnerability analysis of broadcast protocols in wireless sensor networks2009834134252-s2.0-5884908956010.1109/TMC.2008.115TomaC.Advanced signal processing and command synthesis for memory-limited complex systems20122012132-s2.0-8485527429110.1155/2012/927821927821ZBL1264.94071BakhoumE. G.TomaC.Specific mathematical aspects of dynamics generated by coherence functions20112011102-s2.0-7925153713210.1155/2011/436198436198ZBL1248.37075ChenY.PaulG.HavlinS.LiljerosF.StanleyH. E.Finding a better immunization strategy200810152-s2.0-4914908403410.1103/PhysRevLett.101.058701058701BaiW.-J.ZhouT.WangB.-H.Immunization of susceptible-infected model on scale-free networks200738426566622-s2.0-3454804069210.1016/j.physa.2007.04.107CohenR.HavlinS.Ben-AvrahamD.Efficient immunization strategies for computer networks and populations2003912442479012-s2.0-0942268259HolmeP.KimB. J.YoonC. N.HanS. K.Attack vulnerability of complex networks2002655142-s2.0-4134912088710.1103/PhysRevE.65.056109056109SamfatD.MolvaR.IDAMN: an intrusion detection architecture for mobile networks1997157137313802-s2.0-003123482710.1109/49.622919YapT. S.EweH. T.A mobile phone malicious software detection model with behavior checker200535975765Lecture Notes in Computer Science2-s2.0-2644450489010.1007/11527725_7ChengJ.WongS. H. Y.YangH.LuS.SmartSiren: Virus detection and alert for smartphonesProceedings of the 5th International Conference on Mobile Systems, Applications and Services (MobiSys '07)June 20072582712-s2.0-3544897994410.1145/1247660.1247690SmirnovA.ChiuehT.-C.Automatic patch generation for buffer overflow attacksProceedings of the 3rd Internationl Symposium on Information Assurance and Security (IAS '07)August 20071651702-s2.0-4674908833510.1109/IAS.2007.87SidiroglouS.KeromytisA. D.Countering network worms through automatic patch generation20053641492-s2.0-3034445999610.1109/MSP.2005.144CuiW.PeinadoM.WangH. J.LocastoM. E.ShieldGen: automatic data patch generation for unknown vulnerabilities with informed probingProceedings of the IEEE Symposium on Security and Privacy (SP '07)May 20072522662-s2.0-3454871709510.1109/SP.2007.34LiF.YangY.WuJ.CPMC: an efficient proximity malware coping scheme in smartphone-based mobile networksProceedings of the IEEE Conference on Computer Communications (INFOCOM '10)March 2010192-s2.0-7795329515210.1109/INFCOM.2010.5462113ZybaG.VoelkerG. M.LiljenstamM.MéhesA.JohanssonP.Defending mobile phones from proximity malwareProceedings of the 28th Conference on Computer Communications (INFOCOM '09)April 2009150315112-s2.0-7034966394210.1109/INFCOM.2009.5062067KhouzaniM. H. R.SarkarS.AltmanE.Dispatch then stop: optimal dissemination of security patches in mobile wireless networksProceedings of the 49th IEEE Conference on Decision and Control (CDC '10)December 2010235423592-s2.0-7995315403110.1109/CDC.2010.5717273GaoC.LiuJ.Modeling and restraining mobile virus propagation201312352954110.1109/TMC.2012.29GaoC.LiuJ.Modeling and restraining mobile virus propagation201310.1109/TMC.2013.15LiuJ.Autonomy-Oriented Computing (AOC): the nature and implications of a paradigm for self-organized computingProceedings of the 4th International Conference on Natural Computation (ICNC '08)October 20083112-s2.0-5764917654910.1109/ICNC.2008.872LiuJ.JinX.TsuiK. C.2005New York, NY, USASpringerLiM.ZhaoW.Asymptotic identity in min-plus algebra: a report on CPNS20122012112-s2.0-8005267337010.1155/2012/154038154038ZBL1233.68032LiM.ZhaoW.Representation of a stochastic traffic bound2010219136813722-s2.0-7795522733610.1109/TPDS.2009.162GaoC.LiuJ.ZhongN.Network immunization with distributed autonomy-oriented entities2011227122212292-s2.0-7995372320110.1109/TPDS.2010.197GuimeràR.DanonL.Díaz-GuileraA.GiraltF.ArenasA.Self-similar community structure in a network of human interactions20036866510316510342-s2.0-1842616539065103LeskovecJ.KleinbergJ.FaloutsosC.Graphs over time: densification laws, shrinking diameters and possible explanationsProceedings of the 11th ACM SIGKDD International Conference on Knowledge Discovery and Data MiningAugust 2005ACM1771872-s2.0-3234443621010.1145/1081870.1081893LeskovecJ.KleinbergJ.FaloutsosC.Graph evolution: densification and shrinking diameters2007111412-s2.0-3424820506010.1145/1217299.1217301BuT.TowsleyD.On distinguishing between internet power law topology generatorsProceedings of the 21st IEEE International Conference on Computer and Communications (INFOCOM '02)2002638647ZouC. C.TowsleyD. F.GongW.Modeling and simulation study of the propagation and defense of internet e-mail worms2007421061182-s2.0-3424899531110.1109/TDSC.2007.1001GaoC.LiuJ.ZhongN.Network immunization and virus propagation in email networks: experimental evaluation and analysis20112722532792-s2.0-7995507342810.1007/s10115-010-0321-0Norman BaileyT. J.19752ndLondon, UKGriffinDaleyD. J.GaniJ.2000Cambridge, UKCambridge University PressDiekmannO.HeesterbeekJ. A. P.2000New York, NY, USAJohn Wiley & Sons