Research On Propagation Modeling And Containment Strategies Of P2P Worm

With the rapid development of Internet, the threats by the network worms to the computer systems and networks become increasingly serious. P2P worms are a new kind of network worms based on peer-to-peer networks to locate susceptible hosts, self-replicate and spread. Each peer in a P2P network keeps a list of neighbors and has homogenous and dynamic characteristics. Compared with traditional worms, P2P worms have the capability of more accurate positioning, better concealed propagation manner, and faster propagation capability which make them be able to affect wider range and have enormous damage to the networks. The research on P2P worms is one of the hot topics of network security areas. The effective containment of the spread of P2P worms is a very urgent problem to be solved.By analyzing the self-propagation mechanisms the worms and the impact of the actual network condition to worm propagation, right P2P worm propagation models are established, which can reflect the behavior of the P2P worm’s spread, and then effective containment strategies can be proposed. This dissertation analyzes the attacking behaviors of P2P worms and then proposes mathematical propagation models of P2P worms by combining with complex network theory, epidemiology, and related theories. Through the analysis and research on P2P worm propagation models, the trend of P2P worm propagation is predicted and the weak points are identified, effective defense strategies are put forward and the effectiveness of these strategies is verified by theretical analysis and experiments. The results of the dissertation reveal the rules of P2P worm propagation and provide a theoretical foundation for proposing effective containment strategies and controling and removing P2P worms, which has important theoretical value and application prospect. The dissertation launches an in-depth study focusing on the propagation models and containment strategies of different types of P2P worms. The research works of this dissertation are as follows.A mathematical propagation model of active P2P worm is proposed considering the churn characteristic of peers combined with complex network theory and epidemiology theory. Based on the analysis of the mathematical model, the sufficient condition that active P2P worms will not prevail is derived and the basic reproduction number, the removing threshold of P2P worms, is obtained. Simulation results verify the effectiveness of the propagation model and the correctness of the basic reproductive number.Through studying the impact of different parameters on active P2P worm propagation, a three-phase containment strategy is proposed and the Dynamic Quarantine Protocol (DQP) is given. Then the mathematical model of P2P worms under Dynamic Quarantine (PWPDQ) is put forward in which relevant parameters of detection strategies, dynamic quarantine strategies, and immunization strategies are introduced. The basic reproduction number is derived and the effectiveness of the containment strategy is verified by simulation.The attack mechanism and the way of infection of passive P2P worms are analyzed thoroughly. According to the P2P network characteristics, the average field strength and epidemiological theory, two mathematical models are proposed taking into account the behaviors of users and the dynamics of the networks respectively. The basic reproduction number is derived and the correctness is verified by simulation. The containment strategy of passive P2P worm using pulse control is brought forward. The effects of the immunization strategy and regular file deletion strategy to suppress the passive P2P worms are studied and the mathematical model is presented. Simulations validate the models and the containment strategy using pulse control.Recently, the research on P2P worm in IPv6network is rare and no corresponding mathematical model is established. By the analysis of two-stage attacks of P2P worms in IPv6networks, a discrete and species-based mathematical model is purposed and the effectiveness of the model is validated by simulation.The cooperating containment strategy for controlling P2P worms in IPv6networks is presented and the corresponding protocol is designed. The mathematical model is presented by introducing the dynamic parameters. The effects of the changes of dynamic parameters are analyzed and simulation experiments validate that the containment strategy can effectively inhibit the propagation of P2P worms in IPv6networks:...