Optimal Queueing Strategies for Email Virus Scanning Cont.

An Arbitrary Message Size Distribution

Figure 8: Dual-Gaussian Message Size Probability Distribution and Density

$\begin{figure}\centerline{\epsfysize 1.62in \epsfxsize 4.0in \epsfbox{gauss.eps}} \end{figure}$

To illustrate how the optimal queueing strategies can be applied to arbitrary message size distributions, an artificial model was created with 90% of the message sizes being Gaussian with mean 2000 and variance 400², and the other 10% Gaussian with mean 50000 and variance 10000². Figure 8 shows this dual-Gaussian model together with an exponential model with mean chosen to minimize the mean-square-error between the two distribution curves. In this case, the measured data does not fit an exponential model very well at all.

Using this dual Gaussian distribution, and the parameters for mail server #1 described previously, the average wait time using the default queue sizes from Figure 1 is W = 2.4919, mainly due to q₄ being overloaded. Using the optimum queue sizes for the size-based strategy yields an average wait time of W = 1.71, and using the size-and-load-based strategy yields W = 0.76.

Table 3 shows the queue size limits for this case. For the size-based strategy, the size limits are about the same as the default. For the size-and-load-based strategy, the size limit for q₃ is significantly larger than the default, which relieves the load on q₄.

Table 3: Queue size limits for the dual Gaussian message size distribution vs. queueing strategy

	default	size	size+load
q₁	2000	2062	2891
q₂	10000	9622	6431
q₃	50000	51904	97328

Conclusion

Optimal queueing strategies were derived for an email virus scanning system with message size distributions based on measured statistics. The strategies were shown to work well for several different email server examples, closely approaching the upper bound for maximum incoming message rate, while providing lower average delay for smaller messages.

Bibliography

1 J. Klensin, Simple Mail Transfer Protocol.
ftp://ftp.isi.edu/in-notes/ rfc2821.txt, April 2001.

2 CERT/CC, Melissa Macro Virus.
http://www.cert.org/advisories/CA-1999-04.html, March 1999.

3 CERT/CC, ExploreZip Trojan Horse Program.
http://www.cert.org/ advisories/CA-1999-06.html, June 1999.

4 CERT/CC, Love Letter Worm.
http://www.cert.org/advisories/CA-2000-04.html, May 2000.

5 CERT/CC, Microsoft Outlook and Outlook Express Cache Bypass Vulnerability.

http://www.cert.org/advisories/CA-2000-14.html, July 2000.

6 CERT/CC, Automatic Execution of Embedded MIME Types.
http://www.cert.org/advisories/CA-2001-06.html, April 2001.

7 CERT/CC, Nimda Worm.
http://www.cert.org/advisories/CA-2001-26.html, September 2001.

8 CERT/CC, Automatic Execution of Macros.
http://www.cert.org/ advisories/CA-2001-28.html, October 2001.

9 CERT/CC, Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers.
http://www.cert.org/advisories/CA-2001-36.html, December 2001.

10 R. J. Martin, MS Word 6.x Macro Viruses Frequently Asked Questions for the ALT.COMP.VIRUS Newsgroup.
http://www.bocklabs.wisc.edu/~janda/macro_faq.html, March 1996.

11 CyberSoft, Inc., VirScan (patent pending).
http://www.cyber.com/.

12 The Sendmail Consortium, sendmail.
http://www.sendmail.org/.

13 S. M. Ross, Introduction to Probability Models.
Academic Press, Inc., 1993.

14 The MathWorks, Matlab.
http://www.mathworks.com/.