Abstract
BitTorrent (BT) is one of the most common Peer-to-Peer (P2P) file sharing protocols. Rather than downloading a file from a single source, the protocol allows users to join a swarm of peers and download from and upload to each other simultaneously. Worms that exploit information from BT servers or trackers can cause serious damage to participating peers, a threat that unfortunately has been neglected previously. In this article, we first present a new worm, called the Adaptive BitTorrent worm (A-BT worm), which finds new victims and propagates by sending forged requests to trackers. To reduce its abnormal behavior, the worm estimates the ratio of infected peers and adaptively adjusts its propagation speed. We then build a hybrid model to precisely characterize the propagation behavior of the worm. We also propose a statistical method to automatically detect the worm from the tracker by estimating the variance of the time intervals of requests. To slow down the worm propagation, we design a safe strategy in which the tracker returns secured peers when it receives a request. Finally, we evaluate the accuracy of the hybrid model and the effectiveness of our detection method and containment strategy through simulations.
Modeling and Defending against Adaptive BitTorrent Worms in Peer-to-Peer Networks