A potential approach of internet worm propagation based on P2P

Various kinds of active worms have been plunging into the network flows, which make the Internet security problem more serious. Our research on a potential propagation approach of active worms, P2P-based propagation approach, is given in this paper. To measure the propagating performance of our approach, the SEI (Susceptible-Exposed-Infected) propagation model is presented. It proves that with the idea of pure P2P architecture, worms can be hidden in the early stage of propagation, and then infect most of the hosts in a shorter period. By comparing our SEI propagation model with the Simple Epidemic Model, we observe that the size of a worm is a significant parameter which can affect the propagating performance. When the size of the worm becomes large, our approach can still show an excellent propagating performance.

[1]  Sihan Qing,et al.  A survey and trends on Internet worms , 2005, Comput. Secur..

[2]  Donald F. Towsley,et al.  Worm propagation modeling and analysis under dynamic quarantine defense , 2003, WORM '03.

[3]  Michael Y. Li,et al.  Global stability for the SEIR model in epidemiology. , 1995, Mathematical biosciences.

[4]  Sun-Myung Hwang P2P Protocol Analysis and Blocking Algorithm , 2005, ICCSA.

[5]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[6]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[7]  Scott Shenker,et al.  Complex Queries in Dht-based Peer-to-peer Networks , 2002 .

[8]  Jeffrey O. Kephart,et al.  Directed-graph epidemiological models of computer viruses , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  I B Schwartz,et al.  Infinite subharmonic bifurcation in an SEIR epidemic model , 1983, Journal of mathematical biology.

[10]  Vern Paxson,et al.  Active mapping: resisting NIDS evasion without altering traffic , 2003, 2003 Symposium on Security and Privacy, 2003..

[11]  Dionisios N. Pnevmatikatos,et al.  Pre-decoded CAMs for efficient and high-speed NIDS pattern matching , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[12]  Angelos D. Keromytis,et al.  The effect of DNS delays on worm propagation in an IPv6 Internet , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[13]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[14]  Dong Xuan,et al.  Peer-to-peer system-based active worm attacks: modeling and analysis , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.