Chao-sheng Feng,Jun Yang,Zhi-guang Qin,Ding Yuan,Hong-rong Cheng

DOI: https://doi.org/10.1016/j.simpat.2014.11.004

IF: 4.199

2015-01-01

Simulation Modelling Practice and Theory

Abstract:A number of worms, named P2P (peer-to-peer) passive worms, have recently surfaced, which propagate in P2P file-sharing networks and have posed heavy threats to these networks. In contrast to the majority of Internet worms, it is by exploiting users’ legitimate activities instead of vulnerabilities of networks in which P2P passive worms propagate. This feature evidently slows down their propagation, which results in them not attracting an adequate amount of attention in literature. Meanwhile, this feature visibly increases the difficulty of detecting them, which makes it very possible for them to become epidemic. In this paper, we propose an analytical model for P2P passive worm propagation by adopting epidemiological approaches so as to identify their behaviors and predict the tendency of their propagation accurately. Compared with a few existing models, dynamic characteristics of P2P networks are taken into account. Based on this proposed model, the sufficient condition for the global stability of the worm free equilibrium is derived by applying epidemiological theories. Large scale simulation experiments have validated both the proposed model and the condition.

Muhammad Adeel,Laurissa N. Tokarchuk,Laurie G. Cuthbert,Chao-sheng Feng,Zhi-guang Qin

DOI: https://doi.org/10.1109/CCNC.2009.4784961

2010-01-01

Abstract:We analyse different worm and patch propagation models along with the ones we have developed and evaluated as a part of our ongoing passive P2P worm & patch modelling project. This is followed by a brief discussion on worm detection mechanisms proposed by various authors. Towards the very end of this article, we propose a distributed framework for passive worm throttling in P2P networks and discuss its feasibility and efficiency keeping in view different design considerations.

Chunfu Jia,Xin Liu,Zhichao Hu,Guoyou Liu,Zhi Wang

DOI: https://doi.org/10.1007/978-3-642-28744-2_85

2012-01-01

Abstract:Malicious worms can be exploited to steal user’s privacy information, destroy the user system and launch DDOS attack. We proposed a method of forming secure P2P network using benign worms against malicious worms. The benign worm with a hitlist is used to patch and clean the corresponding malicious worm for peers in the P2P network which is based on the largest distance list. The spread of the benign worm is also a distributed patching process. The patch can be disseminated more quickly and the network congestion is much less than centralized patching scheme in P2P networks. In the experiments, after the benign worm accomplished its mission in the P2P network, almost all of the vulnerable and infected peers are healthy. The P2P network is secure to the malicious worm.

Shi-jie ZHOU,Zhi-guang QIN,Le-yuan LIU,Yi-yi DENG

DOI: https://doi.org/10.3969/j.issn.1002-137X.2011.03.012

2011-01-01

Computer Science

Abstract:P2P worms employ the distinctive features of P2P network,such as the local routing table,application routing mechanism and so on,to quickly distribute them into the network while holding the covert characteristic.Contrarily,the common internet worms generally rely on detecting the victims' IP address to spread.Therefore,the lack of hidden feature and feasible promulgating paths make that it is easier to detect and defense the ordinary internet worms than P2P worms.Consequently,the P2P worm can do more damage to the network if lacking the effective defensive scheme.In this paper,the P2P worm,especially its transmission mechanism was analyzed synthetically.Then,an anti-worm based scheme for the defensive of P2P worm was presented.The principle and functional modules of this new scheme were addressed as well.By using the Peersim P2P simulator,the performance of our novel scheme was evaluated experimentally in various system parameters.The primary experimental results indicated that our anti-worm based defensive scheme for P2P worm has the features of fast convergence,low overload of networking resource(including communication traffic and computing power),and high adaptability.

Xin Liu,Zhichao Hu,GuoYou Liu,Zhi Wang,Chunfu Jia

2011-01-01

Journal of Computational Information Systems

Abstract:Malicious worms can be exploited to destroy the user system and launch DDoS attack against computer networks. We proposed a method of forming secure P2P network using benign worms against malicious worms. The corresponding benign worm with a hitlist is generated to clean the malicious worm and patch peers in the P2P network which is based on the largest distance list. The benign worm propagates along the histlist. The spread of the benign worm is also a distributed patching process. The patch can be disseminated more quickly and the network congestion is much less than centralized patching scheme in P2P networks. In the experiments, after the benign worm accomplished its mission in the P2P network, all the malicious worms on infected peers are cleaned and almost all of the vulnerable peers are patched. Copyright © 2011 Binary Information Press.

FENG Chao-sheng,QIN Zhi-guang,YUAN Ding,QING Yu

DOI: https://doi.org/10.3969/j.issn.0372-2112.2013.05.009

2013-01-01

Abstract:In this paper,we identified the features of passive worm.Further the models of propagation and immunization of passive worms are proposed in the mean-field methods.Based on the model of worm propagation and Epidemiology,the sufficient condition for the global stability of the worm free equilibrium is deduced.Simulations validate the condition.Both the sufficient condition and all the experiment results show that amongst all P2P-related factors having effect on passive wormpropagation,attack performance of passive worms is most sensitive to two P2P system parameters:the download rate and the recovery rate.Controlling the two parameters,i.e.decreasing the download rate and increasing the recovery rate,provides an effective means for throttling the spread of passive worms.

Xiaosong Zhang,Ting Chen,Jiong Zheng,Hua Li

2009-01-01

Abstract:Nowadays, the security of P2P networks is alarming ascribing to worms which propagate by exploiting common vulnerabilities in P2P software. Taking account of the topology of P2P networks and the behavior of worms, this paper models the propagation of active worms in unstructured P2P networks. Simulations indicate that propagation of worms in P2P networks is much faster than that in un-P2P networks. This paper highlights the analysis of the impact of worm propagation brought by attack and defense strategy changes from the angle of network topology. Finally we put forward a suggestion of worm defense in P2P networks.

Ting Chen,Xiao-song Zhang,Yue Wu

DOI: https://doi.org/10.1016/j.future.2013.06.025

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:At present, P2P worm poses a serious threat to the Internet infrastructure and common users since it spreads extremely fast and is hard to be detected in early stage. In this paper, we propose a Four-factors Propagation Model (FPM) for passive P2P worms. There are two major contributions of this paper. Firstly, we take four critical factors—address hiding, configuration diversity, online/offline behaviors and download duration into consideration. As far as we know, the first two factors have not been considered in existing models yet. Secondly, we explicitly derive the differential equations of our FPM. Then worm behaviors in steady state are researched in depth by numerical methods. The following simulations give two suggestions for worm quarantining. On one hand, worms can be slowed down by increasing the proportion of hosts with internal addresses. One the other, breaking the configuration monocultures of hosts is an efficient way to contain worms.

Zhi-guang Qin,Chao-sheng Feng,Feng-li Zhang,Laurence CuthbeRt

DOI: https://doi.org/10.1109/icycs.2008.237

2012-01-01

Abstract:P2P worms pose heavy threatens to P2P networks. P2P worms exploit common vulnerabilities in member hosts of a P2P network and spread topologically in the P2P network, a potentially more effective strategy than random scanning for locating victims. Considering that the topology of P2P networks has important effect on P2P active worm spreading, it is very difficult to model propagation of P2P active worms. For this reason, so far few propagation models are proposed. In this paper, we propose a propagation model of active worms in P2P networks based the discrete-time method. The analysis on simulation results shows that there exists some threshold value during spreading of active worms and different infection strategies result in different infection results in P2P networks.

J. Luo,B. Xiao,Q. Xiao,J. Cao,M. Guo

DOI: https://doi.org/10.1145/2567925

2014-01-01

ACM Transactions on Autonomous and Adaptive Systems

Abstract:BitTorrent (BT) is one of the most common Peer-to-Peer (P2P) file sharing protocols. Rather than downloading a file from a single source, the protocol allows users to join a swarm of peers to download and upload from each other simultaneously. Worms exploiting information from BT servers or trackers can cause serious damage to participating peers, which unfortunately has been neglected previously. In this article, we first present a new worm, called Adaptive BitTorrent worm (A-BT worm), which finds new victims and propagates sending forged requests to trackers. To reduce its abnormal behavior, the worm estimates the ratio of infected peers and adaptively adjusts its propagation speed. We then build a hybrid model to precisely characterize the propagation behavior of the worm. We also propose a statistical method to automatically detect the worm from the tracker by estimating the variance of the time intervals of requests. To slow down the worm propagation, we design a safe strategy in which the tracker returns secured peers when receives a request. Finally, we evaluate the accuracy of the hybrid model, and the effectiveness of our detection method and containment strategy through simulations.

Yejiang Zhang,Zhitang Li,Chuiwei Lu,Huaiqing Lin,Qingfeng Huang

DOI: https://doi.org/10.3321/j.issn:1671-4512.2007.z1.063

2007-01-01

Abstract:Research against P2P (peer-to-peer) worms in P2P networks is launched. First, the preliminary taxonomy of P2P worms is given and characteristics of different P2P worms are discussed. Then, the possibility of using P2P networks to handle P2P worms is explored, and preliminary countermeasures are proposed.

JunPeng Mao,Yanli Cui,JianHua Huang,JianBiao Zhang

DOI: https://doi.org/10.1109/iita.2008.405

2008-01-01

Abstract:With peer-to-peer (P2P) technology widely applied, P2P network have become an attacked target of viruses and other malicious code. Among them, pollution attacking of resource is one of most serious threat to P2P file share system. In order to improve the security and transmitting efficiency of P2P network, construct pollution disseminating model of P2P network and analyze the disseminating behavior of polluted resource and legal resource. Main conclusion including, 1) the fluctuation of resource's popularity effects greatly on disseminating behavior of polluted resource, however, a high popularity of polluted resource do not always means to a fast disseminating ratio; 2) The longer resource's disseminating time, the less effect of resource's popularity to the disseminating behavior of polluted and legal resource. 3) The relation between disseminating ratio of polluted resource and share-degree or cognition-degree is inverse ratio, however, disseminating ratio of legal resource approximately exponentially increase with above two factors.

Xiao-song Zhang,Ting Chen,Jiong Zheng,Hua Li

DOI: https://doi.org/10.1631/jzus.c0910488

2010-01-01

Journal of Zhejiang University SCIENCE C

Abstract:It is universally acknowledged by network security experts that proactive peer-to-peer (P2P) worms may soon engender serious threats to the Internet infrastructures. These latent threats stimulate activities of modeling and analysis of the proactive P2P worm propagation. Based on the classical two-factor model, in this paper, we propose a novel proactive worm propagation model in unstructured P2P networks (called the four-factor model) by considering four factors: (1) network topology, (2) countermeasures taken by Internet service providers (ISPs) and users, (3) configuration diversity of nodes in the P2P network, and (4) attack and defense strategies. Simulations and experiments show that proactive P2P worms can be slowed down by two ways: improvement of the configuration diversity of the P2P network and using powerful rules to reinforce the most connected nodes from being compromised. The four-factor model provides a better description and prediction of the proactive P2P worm propagation.

Hua Li,Zheng Qin,Xiaohui Pan,Xiaosong Zhang

DOI: https://doi.org/10.1109/MINES.2009.109

2009-01-01

Abstract:Nowadays, P2P network has been used by millions of internet subscribers because of its convenience in sharing and exchanging files. But non-scanning active worms which propagation by making use of the topology of the P2P network make P2P network facing heavy threaten. This kind of worms can propagate much faster than non-P2P worms since they needn't waste time for randomly searching for attack targets and can cause much more harm to network. So in this paper we study the propagation of this kind of worms in unstructured P2P network, propose a new non-scanning active worm propagation model and describe the impact of the related parameters, such as the size of the P2P network, the size of the hit list etc, on the propagation speed of the non-scanning active worm. We believe our model can be a guideline in the defense and control of non-scanning active worm propagation in unstructured P2P network to some extent

Ting Chen,Xiao-song Zhang,Hua Li,Xiong-da Li,Yue Wu

DOI: https://doi.org/10.1016/j.jnca.2011.04.003

IF: 7.574

2011-01-01

Journal of Network and Computer Applications

Abstract:P2P worms pose a serious threat to Internet infrastructure and terminal users because of their overwhelming propagation speed. Manual reactions fall behind the fast propagation of P2P worms. Current automatic techniques are still not adequate to be deployed on a large scale for several challenges including low accuracy, low efficiency, etc. In this paper, we bring forward a repair-and-patch approach to quarantine malicious worms quickly in unstructured P2P networks. Our work has two major contributions. Firstly, we propose two kinds of benign worms, which differ in functions and spread strategies, to cooperatively battle against malicious worms. Secondly, we derive discrete difference equations to depict the interplay between malicious and benign worms. Four factors - manual countermeasures, P2P topology, configuration diversity and attack and defense strategies - are modeled in the equations. Preliminary experiments are promising. Compared with sheer manual reactions, our approach is about two times faster and protects about 35% more hosts. In comparison with benign worms, which search targets by random scanning, our proposed method guards about 34.4% more hosts with lower consumption of bandwidth resources.

GuoZheng Wu,Chaosheng Feng,Zhiguang Qin

DOI: https://doi.org/10.3772/j.issn.1006-6748.2012.04.012

2012-01-01

Abstract:This paper analyzes the characteristics of the Peer-to-Peer (P2P) active worm and its attacking mechanism, and then proposes a mathematical model of propagation of the P2P active worm applying Epidemiology. Based on the analysis on the protocols of realistic P2P systems, a software which can be used to simulate the P2P network environment and the propagation of P2P active worm is implemented in this paper. A large number of simulation experiments are performed using the developed simulation software. The results from these simulation experiments validate the proposed model, which means that the model can be used to analyze the spreading behaviors of the P2P active worm and predict its trend. Copyright © by HIGH TECHNOLOGY LETTERS PRESS.

Zhitang Li,Yejiang Zhang,Zhengbing Hu,Huaiqing Lin,Chuiwei Lu

DOI: https://doi.org/10.1109/nswctc.2009.357

2009-01-01

Abstract:In addition to the real time nature, the neighbor list/routing table of the node in P2P (peer-to-peer) systems presents precise topological information, which makes it possible for proactive P2P worms to propagate over P2P networks rapidly and cause severe damage. However, it is still a challenge to detect their propagation before they plague P2P networks. Based on modeling and analysis of proactive P2P worm propagation and its abnormal multicast traffic pattern, we propose an efficient method for real time worm detection and control against proactive P2P worms according to its multicast characteristic. Simulations on scale-free P2P network topologies have shown promising results of our method.

Chang-Ting Lin,Chunming Wu,Min Huang,Zhenyu Wen,Qiumei Cheng

DOI: https://doi.org/10.1109/SRDSW.2016.21

2016-01-01

Abstract:IP address mutation is a proactive defense method that is used to reduce the risk of network attacks, especially to deal with the worm propagation attacks. However, previous work did not give much consideration to the negative effects that IP address mutation could bring to network performance. To be specific, there is a trade-off between network performance and security, which implies that when a security mechanism is reinforced, network performance would be impaired and vice versa. Therefore, in order to achieve the optimal balance between performance and security, an optimal solution should be provided. In this paper, we propose an adaptive IP mutation defense method which is based on temporal-dimension, to dynamically control the mutation interval according to real-time measurable metrics, assurance and avoidance. This method leverages a genetic algorithm to achieve the optimization of performance-security trade-off. We then evaluate our method in a simulated computer cluster environment, including 1024 hosts, and demonstrate that our method can successfully find the optimal solution according to the experimental results. For example, it can reduce the worm propagation significantly, while maintaining the network performance in a predefined level.

feng chaoshengl,Zhiguang Qin,Yuan Ding,Liu Xia,Jianjun Wang

DOI: https://doi.org/10.1109/ICCCAS.2010.5582004

2010-01-01

Abstract:Passive worms pose threats to mobile P2P(peer-to-peer) networks. To predict the tendency of propagation of mobile P2P passive worms and analyze their behaviors, it is necessary to model mobile P2P passive worm propagation. In this paper, the protocols of mobile P2P networks and the features of passive worm propagation are studied. On the basis, the mathematical model of passive worm propagation is proposed in applying Epidemiology. For the purpose of examining the effect of the mobile P2P-related parameters on worm propagation, simulation experiments are carried out. T he results of these experiments show that different parameters have different effect on passive worm propagation, among which the average downloading rate and the average recovery rate of fixed peers have the strongest effect on passive worm propagation among mobile peers. © 2010 IEEE.

劳伦斯·库珀特,罗瑞莎·托卡库克

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.02.25

2010-01-01

Journal of Computer Research and Development

Abstract:Worms have posed a serious threat to Internet. Meanwhile, worms have posed a more serious threat to P2P networks based on Internet. The key properties of P2P networks, which bring facilities to users, result in vulnerabilities to attacks from P2P worms. Considering that models of the other two P2P worms of three classes of P2P worms,namely passive worms and active worms, have been proposed and reactive worms have seriously threatened P2P networks, the models of propagation and immunization of P2P reactive worms are proposed. Furthermore, the condition of worm free in the stead state is deduced from the model of propagation of reactive worms. In order to validate the epidemic model proposed and the condition of worms free in the steady state, large scale simulation experiments are carried out with the software Matlab. All the simulations validate the model and the necessary conditions. In addition, all the simulations show that it is the prevalent index that is in charge of whether worms are prevalent and the degree of worm spread if it will be prevalent. Obviously, the prevalent index is very helpful to find worm-throttling strategies. Analysis of the P2P-related parameters, which determine the value of the prevalent index, shows that decreasing the download rate is the most effective method of throttling worm spread before the corresponding patches are released.