CLC number: TP309.5; TP393.08
On-line Access: 2010-01-01
Received: 2009-03-14
Revision Accepted: 2009-11-11
Crosschecked: 2009-10-31
Cited: 8
Clicked: 11611
Xiao-song ZHANG, Ting CHEN, Jiong ZHENG, Hua LI. Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks[J]. Journal of Zhejiang University Science C, 2010, 11(2): 119-129.
@article{title="Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks",
author="Xiao-song ZHANG, Ting CHEN, Jiong ZHENG, Hua LI",
journal="Journal of Zhejiang University Science C",
volume="11",
number="2",
pages="119-129",
year="2010",
publisher="Zhejiang University Press & Springer",
doi="10.1631/jzus.C0910488"
}
%0 Journal Article
%T Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks
%A Xiao-song ZHANG
%A Ting CHEN
%A Jiong ZHENG
%A Hua LI
%J Journal of Zhejiang University SCIENCE C
%V 11
%N 2
%P 119-129
%@ 1869-1951
%D 2010
%I Zhejiang University Press & Springer
%DOI 10.1631/jzus.C0910488
TY - JOUR
T1 - Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks
A1 - Xiao-song ZHANG
A1 - Ting CHEN
A1 - Jiong ZHENG
A1 - Hua LI
J0 - Journal of Zhejiang University Science C
VL - 11
IS - 2
SP - 119
EP - 129
%@ 1869-1951
Y1 - 2010
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/jzus.C0910488
Abstract: It is universally acknowledged by network security experts that proactive peer-to-peer (P2P) worms may soon engender serious threats to the Internet infrastructures. These latent threats stimulate activities of modeling and analysis of the proactive P2P worm propagation. Based on the classical two-factor model, in this paper, we propose a novel proactive worm propagation model in unstructured P2P networks (called the four-factor model) by considering four factors: (1) network topology, (2) countermeasures taken by Internet service providers (ISPs) and users, (3) configuration diversity of nodes in the P2P network, and (4) attack and defense strategies. Simulations and experiments show that proactive P2P worms can be slowed down by two ways: improvement of the configuration diversity of the P2P network and using powerful rules to reinforce the most connected nodes from being compromised. The four-factor model provides a better description and prediction of the proactive P2P worm propagation.
[1] Adamic, L.A., Lukose, R.M., Puniyani, A.R., Huberman, B.A., 2001. Search in power-law networks. Phys. Rev. E, 64(4):461351-461358.
[2] Albert, R., Jeong, H., Barabdsi, A.L., 2000. Error and attack tolerance of complex networks. Nature, 406(6794):378-382.
[3] Bu, T., Towsley, D., 2002. On Distinguishing Between Internet Power Law Topology Generators. Proc. IEEE Conf. on Computer Communications, p.638-647.
[4] Chen, G., Gray, R.S., 2006. Simulating Non-Scanning Worms on Peer-to-Peer Networks. Proc. 1st Int. Conf. on Scalable Information Systems, p.29-41.
[5] Cohen, R., Erez, K., Avraham, D.B., Havlin, S., 2000. Resilience of the Internet to random breakdowns. Phys. Rev. Lett., 85(21):4626-4628.
[6] Cowie, J., Ogielski, A., Premore, B., Yuan, Y., 2001. Global Routing Instabilities During Code Red II and Nimda Worm Propagation. Available from http://www.renesys.com/projects/bgpinstability [Accessed on Aug. 8, 2002].
[7] eEye Digital Security, 2001a. Analysis: .ida “Code Red” Worm. Available from http://www.eeye.com/html/Research/Advisories/AL20010717.html [Accessed on Mar. 22, 2008].
[8] eEye Digital Security, 2001b. Analysis: Code Red II Worm. Available from http://www.eeye.com/html/Research/Advisories/AL20010804.html [Accessed on Sept. 12, 2005].
[9] F-secure, 2004. Mydoom. Available from http//www.f-secure. com/tools [Accessed on Mar. 17, 2005].
[10] Feng, C., Qin, Z., Cuthbet, L., Tokarchuk, L., 2008. Propagation Model of Active Worms in P2P Networks. Proc. 9th Int. Conf. for Young Computer Scientists, p.1908-1912.
[11] Frauenthal, J.C., 1980. Mathematical Modeling in Epidemiology. Springer-Verlag, New York, p.1-7.
[12] Khiat, N., Charlinet, Y., Agoulmine, N., 2006. The Emerging Threat of Peer-to-Peer Worms. Proc. 1st EEE Workshop on Monitoring, Attack Detection and Mitigation, p.1-3.
[13] Li, Z., Zhang, Y., Hu, Z., Lin, H., Lu, C., 2009. Network-Based Detection Method Against Proactive P2P Worms Leveraging Application-Level Knowledge. Proc. 1st Int. Workshop on Education Technology and Computer Science, p.575-580.
[14] McIlwraith, D., Paquier, M., Kotsovinos, E., 2008. Di-Jest: Autonomic Neighbour Management for Worm Resilience in P2P Systems. Proc. IEEE Int. Symp. on a World of Wireless, Mobile and Multimedia Networks.
[15] Nie, X., Wang, Y., Jing, J., Liu, Q., 2008. Understanding the Impact of Overlay Topologies on Peer-to-Peer Worm Propagation. Proc. Int. Conf. on Computer Science and Software Engineering, p.863-867.
[16] Random Nut, 2003. The PACKET 0’ DEATH FastTrack Network Vulnerability. Available from http://archive.cert.uni-stuttgart.de/bugtraq/2003/05/msg00277.html [Accessed on June 18, 2005].
[17] Ratnasamy, S., Francis, P., Handley, M., Karp, R., Shenker, S., 2001. A scalable content addressable network. ACM SIGCOMM Comput. Commun. Rev., 31(4):161-172.
[18] Ripeanu, M., Foster, I., 2002. Mapping the gnutella network: macroscopic properties of large-scale peer-to-peer systems. LNCS, 2429:85-93.
[19] Rowstron, A., Druschel, P., 2001. Pastry: scalable, decentralized object location and routing for large-scale peer-to-peer systems. LNCS, 2218:329-350.
[20] Silvey, P., Hurwitz, L., 2004. Adapting Peer-to-Peer Topologies to Improve System Performance. Proc. Hawaii Int. Conf. on System Sciences, p.3117-3126.
[21] Singer, M., 2002. Benjamin Worm Plagues KaZaA. Available from http://www.internetnews.com/bus-news/article.php/3531_1141841 [Accessed on Nov. 3, 2008].
[22] Sourceforge, 2009. PeerSim P2P Simulator. Available from http://peersim.sourceforge.net/ [Accessed on Nov. 3, 2008].
[23] Staniford, S., Paxson, V., Weaver, N., 2002. How to Own the Internet in Your Spare Time. Proc. 11th USENIX Security Symp., p.149-167.
[24] Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H., 2001. Chord: a scalable peer-to-peer lookup service for Internet applications. ACM SIGCOMM Comput. Commun. Rev., 31(4):149-160.
[25] Thommes, R., Coates, M., 2006. Epidemiological Modeling of Peer-to-Peer Viruses and Pollution. Proc. 25th IEEE Int. Conf. on Computer Communications, p.181-192.
[26] Wang, L., Zhao, X., Pei, D., Bush, R., Massey, D., Mankin, A., Wu, S., Zhang, L., 2002. Observation and Analysis of BGP Behavior under Stress. Proc. 2nd ACM SIGCOMM Workshop on Internet Measurment, p.183-195.
[27] Wang, Y., Wang, C., 2003. Modeling the Effects of Timing Parameters on Virus Propagation. ACM Workshop on Rapid Malcode, p.61-66.
[28] Xia, C., Shi, Y., Li, X., Gao, W., 2007. P2P worm detection based on application identification. Front. Comput. Sci. China, 1(1):114-122.
[29] Yu, W., Chellappan, S., Wang, X., Xuan, D., 2006. On Defending Peer-to-Peer System-Based Proactive Worm Attacks. Proc. IEEE Global Telecommunications Conf., p.1757-1761.
[30] Yu, W., Chellappan, S., Wang, X., Xuan, D., 2008. Peer-to-peer system-based active worm attacks: modeling, analysis and defense. Comput. Commun., 31(17):4005-4017.
[31] Zhang, Y., Li, Z., Hu, Z., Huang, Q., Lu, C., 2008. Evolutionary Proactive P2P Worm: Propagation Modeling and Simulation. Proc. 2nd Int. Conf. on Genetic and Evolutionary Computing, p.261-264.
[32] Zhao, B., Huang, L., Stribling, J., Rhea, S.C., Joseph, A.D., Kubiatowicz, J., 2004. Tapestry: a resilient global-scale overlay for service deployment. IEEE J. Sel. Areas Commun., 22(1):41-53.
[33] Zhou, L., Zhang, L., McSherry, F., Immorlica, N., Costa, M., Chien, S., 2005. A First Look at Peer-to-Peer Worms: Threats and Defenses. Proc. 4th Int. Workshop of Peer-to-Peer Systems, p.24-35.
[34] Zhou, Y., Wu, Z., Wang, H., Zhong, J., Feng, Y., Zhu, Z., 2006. Breaking Monocultures in P2P Networks for Worm Prevention. Proc. Int. Conf. on Machine Learning and Cybernetics, p.2793-2798.
[35] Zou, C.C., Gong, W., Towsley, D., 2002. Code Red Worm Propagation Modeling and Analysis. Proc. 9th ACM Conf. on Computer and Communication Security, p.138-147.
[36] Zou, C.C., Towsley, D., Weibo, G., 2003. On the performance of Internet worm scanning strategies. Perform. Eval., 63(7):700-723.
Open peer comments: Debate/Discuss/Question/Opinion
<1>
Xiao Shengfang
2010-03-28 19:48:35
An interesting model with exhaustive analysis. I strongly recommend this paper.
head<headium2006@gmail.com>
2010-03-17 21:48:11
Nice paper. May I have further discussion on this topic with you, sir?
fang
2010-01-09 18:26:17
It's too difficult for me to understand it , good good good
fang
2010-01-09 18:21:15
just so so