P2p Worm Defense Mechanism

Peer-to-Peer (P2P) worms have become one of some major threats to peer-to-peer network security nowadays. P2P worms have some ordinary features of internet worms, and can attack the goal nodes accurately by manipulating the router of infected nodes, getting information of their neighbors and constructing a target list. Due to P2P worms have stronger hidden feature and destructivity than ordinary internet worms, it is hard to detect and defense P2P worms with traditional network worm detection and defense technology. For resolving the above problem, this paper researches the P2P worm defense technology from the angle of defense Policy as well as considering the traits of P2P network.At first, this paper introduces the related concepts of internet worm and P2P worm, and surveys the principle of internet worm defense technology and existed P2P worm defense technology. Based on the above work, the main contribution of this paper is designing the Reactive Anti-worm Based Adaptive Defense Policy (RABADP) by improving normal reactive Anti-worms, and proposing the Distributed Region Based Defense Policy (DRBDP) in order to overcome the disadvantage of RABADP.RABADP is designed on the idea of P2P anti-worm counteract P2P virulent worm. In RABADP, P2P anti-worm is activated by virulent worms, and adaptively transferring to other P2P node, which doesn't depend on the resident place of P2P anti-worm and overcomes the network overload of active anti-worm. In RABADP, P2P anti-worm can immune more P2P node in short time under more strong controlment. This paper researches and analyzes the RABADP by various simulation experiments from the aspects of network topology, initial P2P anti-worm rate, initial P2P anti-worm resident place, P2P anti-worm TTL and the worm attack ability. The performances of simulation experiments results show that RABADP has good defense ability with low network consumption, but high re-immune network consumption.DRABA is designed on the idea of region detection, region immune and region defense. In DRABA, defense region is constructed by region leader. Ordinary nodes actively apply to join defense region and are selected as detector node under definite state. This paper also researches and analyzes the DRABA by various simulation experiments from the aspects of the defense Policy state, network topology, defense region number, detector node rate, region leader immune ability and joined defense region node number in unit time. The performances of simulation experiments results show that DRABA also has good immune ability with low network consumption, and overcomes the problem of RABADP, but as well as be influenced by the feature of node joining defense region.