| As the Internet continues to develop, it is under Internet worm's threat since the outbreak of Morris worm in 1988. The Internet has already been closely related to national security, economic and daily life, making the threat of worm even bigger. P2P worms utilize the topology of P2P network, gaining a better propagation effect compared with traditional random scanning worm. The active P2P worm is the most destructive P2P worm. Chord overlay network is a kind of structured P2P network. The worm propagation in Chord network is very special.Recently, Internet worm is more sophisticated, extremely fast spreading and detection evadable. Worm outbreak is unpredictable, explosive and world-wide. Anomaly-based detection is the trend against Internet worms. The author proposes a propagation model for active P2P worm in Chord network, which fits the structure of Chord overlay. Simulation study proves that this model is able to describe the propagation of active P2P worm in Chord network well. Further simulations about the propagation of active P2P worm in typical structured P2P networks are carried out. The simulations show the effect of network settings against worm propagation, proving that structured P2P network is a nice environment for worm propagation. A sampling-analysis-based P2P worm detection method is proposed and realized. The method obtains sampling nodes by deploying information nodes in structured P2P network. The Bayesian-formula-based detection algorithm gathers FFQ report from information nodes to determine the FFQ anomaly level. Warning would be issued while FFQ anomaly level exceeds certain threshold. Simulation shows that the detection method is able to instantly detect the outbreak of active P2P worm in structured P2P network. |
PDF Full Text Request