Network Worm Prevention Mechanism Research Based On P2P Technology

Posted on: 2008-08-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Zhou
GTID: 1118360215490041
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, network security is becoming an increasingly serious issue: the number of security events grows every year and has surged in recent years. Internet worms have become one of the major threats to the Internet because of their severe destructive impact, large scale of invasion and rapid speed of spread. It is therefore pressing to curb the spread of Internet worms in large-scale networks.

Most existing defense systems use only some of the features of Internet worms, identifying potential worm attacks by monitoring and analyzing the abnormal behavior of a single host or a local network. However, Internet worms generally spread across the Internet, with rich behavior patterns and propagation media. It is therefore hard to accurately identify the damage caused by an unknown Internet worm and its incidence merely by analyzing partial features, which weakens the effect of further preventive measures.

Currently, research on the propagation models of Internet worms and on defense technologies against them has become the consensus of academic circles. A global emergency response mechanism is thus necessary to share Internet worm warning information in time, in order to keep dissemination and destruction within limits. However, in the current Internet environment, collecting and analyzing such large quantities of data is almost infeasible with traditional network sharing techniques. We therefore turn to P2P technologies, which have been quite successful in file sharing. P2P has potential in distributed computing applications, which provide the computing environment and mode that a large-scale Internet worm defense system needs. By building an Internet worm defense-oriented P2P overlay network and establishing a large-scale Internet worm defense system on it, it is possible to restrain Internet worms effectively. For these reasons, this thesis conducts an in-depth study of Internet worm defense mechanisms based on P2P technology.

First, the mechanism and propagation models of Internet worms are summarized and analyzed, which plays a critical role in identifying the relevant propagation characteristics and key influencing factors. This paves the way for seeking further methods to combat Internet worm invasion, and makes it possible to detect structural defects in the existing network infrastructure, providing theoretical support for optimizing the structure of the Internet toward greater security and fault tolerance. The thesis analyzes in depth the features peculiar to Internet worms, which differ from other malicious code in definition, behavior model, technical means and scanning strategy. Building on the basic epidemic models (the Simple Epidemic model, the Kermack model, the Two-Factor model and the SIS (Susceptible-Infectious-Susceptible) model), the propagation model of Internet worms on P2P networks is explored to provide a theoretical basis for further study of defense strategies against Internet worms.

Second, a scheme for a hierarchical P2P overlay network for Internet worm defense and a corresponding data aggregation algorithm are presented. To address the problems of current P2P overlay networks when applied to Internet worm detection, this thesis presents a hierarchical peer-to-peer overlay network for Internet worm prevention, HPOWP for short. Through its hierarchical P2P structure, HPOWP improves on the scalability of the traditional P2P structure, adapts effectively to the topology of the existing network infrastructure, and reduces the problems that result from the disparity between logical and physical distance in a hierarchical P2P network. It also facilitates the deployment of various security measures, especially Internet worm defense strategies: appropriate measures can be adopted at different network levels, which suits dealing with Internet worm propagation in the actual Internet environment. On the basis of HPOWP, this thesis further explores a distributed aggregation algorithm for Internet worm early-warning information in a P2P network environment. HPOWP consists of two types of P2P networks: random overlays and structured overlays. Given the topological instability of the random overlay, the distributed data aggregation algorithm for the sub-clustering network is based on the Gossip algorithm, which has strong fault tolerance and good scalability. In the high-level DHT structured overlay of HPOWP, a DHT-based distributed data aggregation algorithm, called DAAD, is presented for collecting early-warning information. DAAD provides an overall view of data scattered across the network, which lays the groundwork for studying Internet worm defense mechanisms in large-scale network environments. Simulation results show that the model can effectively solve the problem of rapidly aggregating scattered data in a complex network environment.

Third, early warning of Internet worm invasion is studied. HPOWP provides a new platform for cooperative Internet worm prevention and makes early warning of Internet worms possible in a large-scale network environment. The self-similarity of Internet worms is discussed as the theoretical foundation. Fingerprint-based recognition and behavior-sequence characteristics are then studied as Internet worm recognition technologies. By building a honeypot network on HPOWP, this thesis studies early-warning mechanisms for Internet worms in the clustering network and in the high-level DHT overlay network. The P2P-based Internet worm defense system in this thesis makes effective use of the distributed storage and computation advantages of P2P technology. Simulation results show that the proposed solution has some significance for integrating existing Internet worm early-warning systems and realizing large-scale interactive warning analysis of Internet worm invasion.

Finally, immune mechanisms against Internet worms are discussed. Immunizing vulnerable network systems is an important way to prevent the sabotage and spread of Internet worms. To suppress and eliminate Internet worms, the key is to shorten the interval between the announcement of a vulnerability and the release of the code for the relevant security update. This thesis introduces network system vulnerabilities and problems related to security updates, pointing out the necessity and urgency of a network immune system. On this basis, three different types of Internet worm immune model are studied, namely the server-based Internet worm immune model, the P2P-based Internet worm immune model, and the friendly worm-based immune model, which provide a wide range of solutions for Internet worm immune mechanisms, and various factors related to the worm immune mechanism are discussed.
Keywords/Search Tags: Internet Worm, Hierarchical P2P Overlay, Distributed Data Aggregation Algorithm, Early Warning, Immune
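
The Gossip-based aggregation of early-warning data inside an HPOWP cluster can be illustrated with the standard push-sum gossip protocol. This is an added example, not the thesis's own algorithm or code; the eight-peer topology, the alert counts, the threshold and all function names are constructed for illustration.

```python
import random

def build_overlay(n):
    """Constructed cluster topology: a ring plus one chord per node."""
    return {i: [(i - 1) % n, (i + 1) % n, (i + n // 2) % n] for i in range(n)}

def push_sum_round(state, neighbours, rng):
    """One round: every node keeps half of its (sum, weight) pair and
    pushes the other half to one randomly chosen neighbour."""
    inbox = {node: [0.0, 0.0] for node in state}
    for node, (s, w) in state.items():
        target = rng.choice(neighbours[node])
        for dest in (node, target):
            inbox[dest][0] += s / 2
            inbox[dest][1] += w / 2
    return {node: (s, w) for node, (s, w) in inbox.items()}

def gossip_average(alerts, neighbours, rounds=200, seed=1):
    """Each node's estimate of the cluster-wide mean alert count."""
    rng = random.Random(seed)
    state = {node: (float(count), 1.0) for node, count in alerts.items()}
    for _ in range(rounds):
        state = push_sum_round(state, neighbours, rng)
    return {node: s / w for node, (s, w) in state.items()}

def cluster_warning(alerts, neighbours, threshold):
    """Nodes whose estimate reaches the (assumed) per-node alert threshold."""
    estimates = gossip_average(alerts, neighbours)
    return {node: est >= threshold for node, est in estimates.items()}

# Constructed sample: suspicious-connection counts seen locally by 8 peers.
# Only peers 2 and 5 see anything; the cluster mean is 48 / 8 = 6.0.
ALERTS = {0: 0, 1: 0, 2: 40, 3: 0, 4: 0, 5: 8, 6: 0, 7: 0}
NEIGHBOURS = build_overlay(len(ALERTS))

if __name__ == "__main__":
    for node, est in sorted(gossip_average(ALERTS, NEIGHBOURS).items()):
        print(f"peer {node}: local={ALERTS[node]:2d} estimate={est:.3f}")
    print(cluster_warning(ALERTS, NEIGHBOURS, threshold=5.0))
```

A peer that saw no alerts locally still ends with the cluster mean, which is what lets a cluster raise a warning that no single host's view would justify.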