| Peer-to-Peer worms ( P2P worms ) are special worms that propagate in peer-to-peer networks. With the popularity of P2P applications, P2P worms will bring much harm to Internet, not only because of their severe damages but also because of the little understanding about them. Compared to traditional Internet worms, there is few report about the outbreak of P2P worm. However, researchers believe P2P worms are one of main threats of Internet. This thesis aims at discover some essential issues in this important and novel area. The purpose is to help people to detect and prevent P2P worms.Main contributions of the thesis are as follows:A virtual node based P2P worm simulation method is proposed.A virtual node based P2P simulation method was proposed based on our analysis of current popular simulation tools used in traditional worms. In virtual node based simulation, the function and the data in each P2P worm node are separated. All the functions of P2P worm will be implemented as a management node which is a special process or thread running in simulation computer. Because each virtual P2P worm node does not need computational resource, the total computational resources will be saved so that one or more common computers with limited physic resources can be used to simulate large-scale P2P worms. In order to develop virtual node based P2p worm simulation system, a double-engine based simulation software frame is also proposed, in which the local simulating engine will implement P2P worms'functions and the networking simulation engine will implement message communication among virtual nodes. Primary experimental results show that our novel simulation approach is efficient and can be used to simulate large-scale P2P worms with high fidelity.A collaborative propagation policy of P2P worms is proposed.The greedy propagation policy of P2P worm will bring a large amount of attacking traffics to activate security defensive facilities. Based on our prior researches on greedy propagation in P2P worms, a collaborative propagation policy is proposed to speed up the spreading of P2P worms. With collaborative propagation policy, each P2P worm can exchange its neighboring list with its neighbors to avoid re-infecting nodes. In order to further decrease attacking traffics, each infected node can also exchange in-coming infection information with other P2P worms. Therefore, the attacking traffics are reduced with fast propagation speed. In this paper, the collaborative propagation algorithm is proposed and analyzed. The simulation problem of collaborative policy is also addressed. Our primary experimental results show that the collaborative policy based P2P worms are more covert and can spread with high speed. Therefore, it is very difficult to detect and defense the collaborative policy based P2P worm.A scheme for detection and defense of P2P worms is proposed.Active recognition based P2P worm detection is proposed in this thesis. In order to implement the active recognition based detection scheme, some nodes with defensive capacity are intentionally distributed into really P2P network to discover and collect suspicious traffics. Then, a central server will analyze and determine whether the traffic is P2P worm or not. In order to defense P2P worms, a suicide based defensive approach is also proposed. In this novel defensive solution, the P2P worm node will suicide to avoid being infected and exploited. Furthermore, the suicide node will also send a warning message to its neighbors to take preventive actions.Because P2P worm related issues are new and complicated, our primary researches can be used by other person to propose more advanced and more practical detection and defensive solutions. Additionally, our researching results are also useful for other traditional Internet worms. For example, the P2P simulation scheme proposed in this thesis can also be used to simulate traditional worms.
|
PDF Full Text Request