This paper proposes a new identifying method of worm e-mail sending behavior based on dummy e-mail address. By dummy luring and behavior patterns matching, complementary to each other, the new method can filter most the worm e-mails, for the purpose of the furthest controlling e-mail worm's propagation, before the immune mechanism comes into force. Also, the new method conquers the same shortcoming of the existing methods, the low sensitivity because of the worm's long propagation lag-time. The result of model test shows that e-mail worm's propagation is well controlled by this means.

• 单位
  山东理工大学