A Feasibility Study on Defending Against Ultra-Fast Topological Worms

Self-propagating worms have been terrorizing the Internet for several years and they are becoming imminent threats to large-scale Peer-to-Peer (P2P) systems featuring rich host connectivity and popular data services. In this paper, we consider topological worms, which exploit P2P host vulnerabilities and topology information to spread in an ultra-fast way. We study the feasibility of leveraging the existing P2P overlay structure for distributing automated security patches to vulnerable machines. Two approaches are examined: a partition-based approach, which utilizes immunized hosts to proactively stop worm spread in the overlay graph, and a Connected Dominating Set (CDS)-based approach, which utilizes a group of dominating nodes in the overlay to achieve fast patch dissemination in a race with the worm. We demonstrate through analysis and simulations that both methods can result in effective worm containment.
