Modeling Worm Propagation In Peer-to-peer File-sharing Networks

The peer-to-peer file-sharing network is quite popular because it can greatly facilitate sharing files with considerable scalability and reliability, and it can solve the problem of service bottleneck which can not be solved in the client / server network. However, the appearance of worms in the network poses heavy threats to the network. They attack and propagate by exploiting the information concerning topology of the network or the legitimate connections. Worms in the P2P file-sharing network are classified into three classes: passive worms, reactive worms and proactive worms. Passive worms propagate depending on legitimate connections, which are set up for such users'normal behaviors as downloading files, while proactive worms attack other hosts by using the topology-related information and exploiting vulnerabilities of the client software or operating system. Reactive worms spread through legitimate connections, which make it difficult to detect them as passive worms, and attack depending on vulnerabilities of P2P client software in the case of being trigged by legitimate connections, which make it fast to propagate as proactive worms. Among the three classes of worms, proactive worms have strongest attacking capability and fastest spreading speed.It is three features of the P2P file-sharing network that make it easy to be leveraged by worms. First, each host in the network stores the information concerning its neighbors. In this case, worms are quite easy to identify which hosts are online and potential targets without scanning. Second, the P2P network is homogeneity, i.e. almost all hosts in the network run the same client software, which makes the network very fragile. If the P2P client software itself contains vulnerabilities that could be exploited by worms, all hosts in the network will be exposed to worms, which can automatically propagate through the network using a single vulnerability without human intervention. Third, in the network, users can freely join or leave without any restriction. Similarly, files can freely be added to the network, which enables worms to enter the network with lack of supervision and inspection.Although P2P worms heavily threaten the P2P file-sharing network, so far no appropriate models of P2P worm propagation have been presented yet. However, modeling worm propagation is very important. The appropriate models can be used to not only analyze the behaviors of worms, perceive the weakness of worm attacking and spreading, but also predict the tendency of worm propagation. For these reasons, the models of propagation of the three-class worms are focused on and studied in applying Epidemiology, Complex Network Theory, simulation technology, etc. in this dissertation. The main contributions of this dissertation are as follows.(1) Considering that the existing models of P2P passive worm propagation ignored the dynamics of P2P file-sharing networks, propose new models of worm propagation with taking into account the dynamics of these networks. The sufficient conditions of the worm-free equilibrium in these networks are derived from the proposed mathematical models of the spread of passive worms in applying Epidemiology. Large-scale simulations show that the proposed models of passive P2P worms are valid and the derived sufficient conditions of worm-free equilibrium are correct.(2) The propagation models of reactive worms are proposed, fully considering dynamic factors of the P2P network such as going online and offline. To the best of our knowledge, this is the first paper in which propagation of P2P reactive worms is modeled mathematically. Further, the sufficient condition of the worm-free equilibrium in the network is derived from the mathematical model of propagation of reactive worms applying Epidemiology. Large scale simulation experiments validate the models and the sufficient condition. Simulations also show that the sufficient condition can be used to early warn the presence of an epidemic.(3)The models of propagation of proactive worms are presented. Simulations show that the P2P logical network is a homogeneous one which has not only the small-world effect, but also the exponential degree distribution. Given this fact, two mathematical models of the worm propagation in the homogeneous network are presented. Considering some studies show that the P2P overlap network is inhomogeneous, a mathematical model of proactive worm propagation in the inhomogeneous network is presented. Large-scale simulations validate these models.