
Research On Virus Analysis And Detect In P2P Networks

Posted on: 2011-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Jiang
GTID: 2178330338981772
Subject: Computer application technology

Abstract/Summary:
As a distributed network architecture, P2P networks have changed the C/S (Client/Server)-based network architecture and have been widely accepted by network users. However, the efficient file distribution mechanism of P2P networks, while convenient for users, also accelerates the spread of viruses in networks. How to detect viruses in P2P networks is therefore an important topic in P2P security.

This dissertation first analyzes the principles of viruses and how their characteristics differ between traditional networks and P2P networks. Virus detection misses in P2P networks such as eMule occur because the P2P file block mechanism may divide a virus signature across different file blocks. Second, it analyzes the probability of a missed detection using quantitative methods and concludes that this probability is related to the ratio of the signature's length to the size of a file block. Third, the dissertation analyzes the advantages and disadvantages of traditional virus detection methods when they are used in P2P networks. Some traditional methods, flow statistics for example, are not suited to P2P, and the analysis finds that signature-based virus detection is an effective way to detect viruses in P2P networks. A signature-based block reorganization virus detection method for P2P networks is therefore proposed. This method does not wait until all file blocks have been reorganized before detecting. Instead, it scans the first block to arrive and, when that block matches part of a virus signature, waits for the next block and detects again. In this way it efficiently overcomes the missed detections caused by a virus signature being divided across different blocks.

Finally, the dissertation implements the detection system under Windows. To evaluate the system's performance, it was simulated in scenarios with signatures of different lengths and at different positions in virus files, and was also tested in eMule. The experimental results show that the signature-based block reorganization virus detection method is an effective way to avoid missed detections in P2P networks.
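The boundary problem the abstract describes, and one way to scan blocks as they arrive without reassembling the whole file, shown as an added illustration that is not the dissertation's implementation. The signature names and bytes, the 64-byte block size and all function names are constructed for the example, and it assumes every non-final block is at least as long as the longest signature minus one byte.

```python
# Constructed placeholder byte strings, not real malware signatures.
SIGNATURES = {"demo-sig-A": b"EXAMPLE-SIGNATURE-A", "demo-sig-B": b"XYZZY-DEMO"}
KEEP = max(len(s) for s in SIGNATURES.values()) - 1  # edge bytes saved per block

def scan(data):
    """Names of all signatures present in one contiguous byte string."""
    return {name for name, sig in SIGNATURES.items() if sig in data}

def naive_scan(blocks):
    """Scan each block in isolation; a signature cut by a boundary is missed."""
    return set().union(*(scan(d) for d in blocks.values()))

class SeamScanner:
    """Scan blocks on arrival (any order) and re-check the seam with each
    neighbour already seen, storing only KEEP bytes from each block edge."""
    def __init__(self):
        self.heads, self.tails, self.hits = {}, {}, set()

    def feed(self, index, data):
        self.hits |= scan(data)
        self.heads[index], self.tails[index] = data[:KEEP], data[-KEEP:]
        if index - 1 in self.tails:   # seam with the previous block
            self.hits |= scan(self.tails[index - 1] + data[:KEEP])
        if index + 1 in self.heads:   # seam with the following block
            self.hits |= scan(data[-KEEP:] + self.heads[index + 1])
        return set(self.hits)

def demo_blocks(size=64):
    """Constructed 204-byte file: demo-sig-A straddles the 64-byte boundary,
    demo-sig-B lies wholly inside block 2."""
    payload = (b"." * 55 + SIGNATURES["demo-sig-A"] + b"." * 100
               + SIGNATURES["demo-sig-B"] + b"." * 20)
    return {i // size: payload[i:i + size] for i in range(0, len(payload), size)}

if __name__ == "__main__":
    blocks = demo_blocks()
    print("per-block scan:", sorted(naive_scan(blocks)))
    scanner = SeamScanner()
    for idx in (2, 0, 3, 1):          # out-of-order arrival, as in P2P transfer
        print("block", idx, "->", sorted(scanner.feed(idx, blocks[idx])))
```

Because only the two edges of each block are retained, memory use depends on the longest signature rather than on the block size.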
Keywords/Search Tags: virus, P2P networks, part detection, block reorganization