Proactive P2p Worm Propagation Model And Containment Technology

Peer-to-Peer (P2P) technique was proposed in the late nineties last century and it has achieved great development for about ten years. Not long ago, P2P traffic took the place of WEB traffic as the dominant network traffic in the Internet. P2P technique has been made use of in the field of real-time voice and video, instant messages etc but it was reckoned as only a useful vehicle for file sharing in early years. The emergence of a lot of new security problems can impute to the rapid development of the P2P technique and the increase of the P2P services. P2P worm is a kind of worm which can spread by P2P network and it becomes a severe threat to the Internet since P2P worms spread much faster and are more difficult to detect and constrain than un-P2P worms. Proactive P2P worm is a kind of P2P worms which spread fastest and devastate network services and infrastructure most seriously.The propagation model of proactive P2P worm has been preliminarily learned and these researches prompt the common users'cognition of the principle and hazard of proactive P2P worm. But these models have a common shortcoming more or less: excessively simplify the practical factors which can impact worm propagation. As a result, these models are not competent to accurately simulate the behavior and propagation trend of the proactive P2P worm. Investigations in the late years show that the majority of the current detection and constraint techniques only aim at un-P2P worms, thus these techniques may not adapt to proactive P2P worms. Consequently, the current detection and constraint techniques do not satisfy the false positive and false negative demands. This paper researches the propagation model and constraint techniques of the proactive P2P worm. There are three major contributions of this paper as follows:1. We propose a four factor proactive P2P worm propagation model. This paper indicates that there are four factors which can obviously impact the propagation of the proactive P2P worm: network topology, countermeasures taken by users and Internet Services Providers (ISPs), configuration diversity of network nodes and attack/defense strategies. Based on these four factors, we propose a discrete time model and emphasize the quantitative analysis of the impact to the proactive P2P worm propagation which is brought by the four factors and the change of any parameters of the model. Experiments demonstrate that our four factor model is better to simulate the behavior and propagation trend of the proactive P2P worm than the other models. Moreover, this paper indicates that there are two methods can slow down the proactive P2P worm efficiently: increase the configuration diversity of the network nodes and protect the critical nodes from compromising.2. This paper is an attempt to constrain the proactive P2P worm by auto authentication technique. The main idea of this technique is that it is available to baffle worm propagation by accurately authenticating P2P communication participants. This technique is independent of worm detection results and it is able to thoroughly constrain all known and unknown proactive P2P worms in real time so much as to cut off worm propagation in the extreme. This paper dwells on the analysis of the principle, progress and properties of this technique. The analysis shows that our auto authentication technique is better than the other techniques for its real time feature and accuracy.3. We design three secure protocols to implement the auto authentication technique. This paper elaborates on these three protocols and proves the security of the three protocols strictly based on the Strand Space model. As a result, we conclude that these three protocols are able to resist common attacks.