Research On Network Defending Scheme Against Malicious Code Based On Social Computing

Internet gradually becomes a necessary part of our lives. Users are able to obtaininformation and resources, and interact with others through network services. Butmalicious codes such as worms, Trojans and viruses propagate quickly throughmalicious Web pages, instant messaging and P2P network, etc. And they are able tosteal sensitive information and destroy user data. The hosts and the network arethreatened seriously by various malicious codes.To restrain the propagation of malicious codes, a defending scheme based onsocial computing is proposed in this dissertation. To a user, the egocentric network inwhich the user is the centre is formed by social relationships between him and otherusers. Social computing and human computation are utilized to make a fusion forWeb surfing experiences and security software checking results from other users toproduce collective intelligence which can dynamically perceive network securitysituation about malicious codes. And then the user can take some measures to protectthe host in advance. On the micro level, a user can utilize the collective intelligencefrom friends in his egocentric network to improve his ability to counter maliciouscodes. On the macro level, a meshy collaborative defending scheme is formed bycollaborations among online users, which can improve the security of the wholenetwork.The synthetical social network formed by various IM (instant messaging) toolsis used as the platform to deploy network defending in the scheme, by which userscan collaborate with each other. Several different network defending schemes aretaken according to various propagation ways of malicious codes. All the schemes aredepended on each other, and collaborate closely to form an integrated defendingsystem. The main work can be summarized as follows.An algorithm on dynamic trust is proposed. In the algorithm, indirect trustvalues are calculated depending on direct trust values and trust chains in theegocentric network. As the relationships evolve, the dynamic trust values can be resulted from the interactions between user and his friends and trust transmission,which is the basis of the social computing-based defending system against maliciouscodes.To deal with the threat of malicious Web pages, a distributed defending schemeagainst malicious Web pages based on social computing is proposed. Besides themalicious URL list from third-party professional organizations, the dynamic trustbetween a certain user and his friends in social network is used to obtain evaluationsof Web pages. The experiences about Web surfing from his friends are collected toresult in synthetical evaluations on the local host. Each user is able to cooperate withhis friends, so that a meshy defending system is formed on overall perspective,which can reduce the visits of malicious Web pages.To restrain malicious codes spread through IM tools, a collaborative defendingscheme against IM worms based on social computing is proposed. The platform ofthe scheme is the synthetical IM tool. At a certain IM client, through utilizing thedynamic trusts between users, security experiences about Web pages and scanningresults from trusted users are merged together by social computing and humancomputation to produce collective intelligence and defend at the local host. Users cancooperate with their friends instantaneously to resist malicious codes which propagatethrough IM tools. Therefore, a distributed defending scheme against IM worms isconstructed.A scheme for constructing a secure P2P network is proposed. A double neighborlist is used to contain P2P worms which exploit the neighbor list on peers. Theneighbors of a peer are selected according to their resistance ability against worms,which make the node distribution in P2P network is more advantageous to resistworm attacks. And the neighbor selecting scheme is applied to the unstructured P2Psystem KaZaA. Next, the benign worm with a hitlist is generated to clean thecorresponding malicious worm and patch vulnerable peers in the P2P network. Thespread of the benign worm is also a distributed patching process. For the vulnerabilitywhich makes most peers vulnerable to the worm, an automatic patching based onsocial computing is proposed to deal with such kind of worms. The security server inP2P network can generate automatic patch to the vulnerability, and place the automatic patch to vulnerable peers selected previously. Then the patch propagates insocial network rapidly. Thus, the vulnerable P2P peers in social network are repaired.The double neighbor list is able to reduce the infected rate of vulnerable peers in P2Pnetworks. The benign worm can clean malicious worms and patch vulnerable peers.The automatic patching in social network can repair a large number peers withvulnerabilities in P2P networks. After that, the P2P network is secure to maliciouscodes.The three subsystems such as the defending scheme against malicious Webpages, the defending scheme against IM worms and the scheme of constructingsecure P2P network integrate, support and collaborate each other to form an integralwhole system against various malicious codes, and enhance the defendingperformance of the whole network.