论文信息 - A study of malware in peer-to-peer networks

A study of malware in peer-to-peer networks

Peer-to-peer (P2P) networks continue to be popular means of trading content. However, very little protection is in place to make sure that the files exchanged in these networks are not malicious, making them an ideal medium for spreading malware. We instrument two different open source P2P networks, Limewire and OpenFT, to examine the prevalence of malware in P2P networks. Our results from over a month of data show that 68% of all downloadable responses in Limewire containing archives and executables contain malware. The corresponding number for OpenFT is 3%. Also, most infections are from a very small number of distinct malware. In particular, in Limewire, the top three most prevalent malware account for 99% of all the malicious responses. The corresponding number for OpenFT is 75%. We also investigate the sources of malicious responses. To our surprise, 28% of all malicious responses in Limewire come from private address ranges. In OpenFT, the top virus, which accounts of 67% of all the malicious responses, is served by a single host. Further, our study provides a useful insight into filtering malware: filtering downloads based on the most commonly seen sizes of the most popular malware could block a large portion of malicious files with a very low rate of false positives. While current Limewire mechanisms detect only about 6% of malware containing responses, our size based filtering would detect over 99% of them.

Minaxi Gupta | Andrew J. Kalafut | Abhinav Acharya | A. Acharya | Minaxi Gupta

[1] David Moore,et al. Code-Red: a case study on the spread and victims of an internet worm , 2002, IMW '02.

[2] Stefan Saroiu,et al. Measurement and Analysis of Spyware in a University Environment , 2004, NSDI.

[3] Stefan Saroiu,et al. Measurement and analysis of spywave in a university environment , 2004 .

[4] Steve Chien,et al. A First Look at Peer-to-Peer Worms: Threats and Defenses , 2005, IPTPS.

[5] Xiaoning Ding,et al. Measurements, analysis, and modeling of BitTorrent-like systems , 2005, IMC '05.

[6] Krishna P. Gummadi,et al. Measurement, modeling, and analysis of a peer-to-peer file-sharing workload , 2003, SOSP '03.

[7] Vinod Yegneswaran,et al. Internet intrusions: global characteristics and prevalence , 2003, SIGMETRICS '03.

[8] Wei Yu. Analyze the worm-based attack in large scale P2P networks , 2004, Eighth IEEE International Symposium on High Assurance Systems Engineering, 2004. Proceedings..

[9] Rakesh Kumar,et al. The FastTrack overlay: A measurement study , 2006, Comput. Networks.

[10] Stefan Savage,et al. Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[11] Steven D. Gribble,et al. A Crawler-based Study of Spyware in the Web , 2006, NDSS.

[12] Hari Balakrishnan,et al. Malware prevalence in the KaZaA file-sharing network , 2006, IMC '06.

[13] Steven D. Gribble,et al. Cutting through the Confusion: A Measurement Study of Homograph Attacks , 2006, USENIX Annual Technical Conference, General Track.