Peer-to-peer system-based active worm attacks: Modeling, analysis and defense

Wei Yu, Sriram Chellappan, Xun Wang, Dong Xuan

Computer Communications 31 (2008)

Outlines
  • Introduction
  • Modeling P2P-based active worm attacks
  • Analyzing P2P-based active worm attacks
  • Defending against P2P-based active worm attacks
  • Performance evaluation
  • Final remarks
Introduction

Active worms automatically propagate themselves and compromise hosts on the Internet.

Traditional worms predominantly adopt the random-based scan approach to propagate.

A more powerful worm attack strategy is the hit-list strategy, which collects a list of IP addresses prior to the attack to improve the success rate of infection.

P2P systems can be a potential vehicle for the attacker.

Modeling P2P-based active worm attacks
  • In general, there are two stages in an active worm attack:

(1) scanning the network to select victim hosts;

(2) infecting the victim after discovering its vulnerability.

  • Pure Random Scan (PRS)
    • Only 24% of addresses in the Internet space are used.
Offline P2P-based hit-list scan (OPHLS)

The attacker collects IP address information of the P2P system offline. We denote this as the hit-list of the attacker.

After the attacker obtains the hit-list, the attack model has two phases:

First, all newly infected hosts continuously attack the hit-list until all hosts in the hit-list have been scanned (called the P2P system attack phase).

In the second phase, all infected hosts continue to attack the Internet via PRS.

Online P2P-based scan (OPS)
  • The host immediately launches the attack on its P2P neighbors as a high priority (using 60% of its attack capability), and attacks the rest of the Internet with its remaining capability (40%) via PRS.
  • Note that there are two types of P2P systems: structured and unstructured.
    • The OPHLS model is the same in both types of systems, since the attacker predetermines the hit-list before the attack.
    • In the OPS model, the number of neighbors is quite different.
Model parameters
  • (1) P2P system size:
    • A Super-P2P system.
    • The size is the total number of users, denoted as m. The remaining hosts are a part of the Non-P2P system.
  • (2) P2P structured/unstructured topology:
    • Structured: all P2P nodes maintain a similar number of neighbors (average topology degree is ).
    • Unstructured: is the mean value of topology degree, is a constant for a given , and denotes the power law degree.
Analyzing P2P-based active worm attacks

In the OPHLS attack model,

Recursive formulas:

Defending against P2P-based active worm attacks
  • Defense framework:
    • Control center: it can be a system deployed node, or a stable P2P node itself.
    • A number of volunteer defense hosts: worm detection and response.
    • Threshold-based and trend-based worm detection schemes.
    • Threshold-based scheme: simple and easy to apply, but high false alarm rates.
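
The contrast between the two detection schemes, as an added example that is not taken from the paper or the slides: a fixed threshold fires on a one-off benign burst, while a trend check waits for sustained growth and flags the worm-like trace earlier. The traces are constructed, and the detector definitions, parameter values and names (`threshold_alarm`, `trend_alarm`, `ratio`, `run`) are assumptions made for illustration.

```python
"""Added example: threshold- vs trend-based alarms on constructed scan counts."""

# Constructed per-interval counts of failed inbound connection attempts
# seen by one defense host (not data from the paper).
BENIGN_BURST = [3, 4, 3, 5, 40, 4, 3, 4, 3, 4]       # one-off spike, no worm
WORM_GROWTH = [3, 4, 6, 9, 14, 21, 32, 48, 72, 108]  # sustained ~1.5x growth


def threshold_alarm(counts, threshold=30):
    """Return the first interval index whose count reaches the threshold."""
    for i, count in enumerate(counts):
        if count >= threshold:
            return i
    return None


def trend_alarm(counts, ratio=1.3, run=3):
    """Return the first index ending `run` consecutive intervals of growth.

    Assumption: "trend" is modeled as multiplicative growth of at least
    `ratio` per interval; a single spike resets once the count falls back.
    """
    streak = 0
    for i in range(1, len(counts)):
        prev, cur = counts[i - 1], counts[i]
        if prev > 0 and cur >= ratio * prev:
            streak += 1
        else:
            streak = 0
        if streak >= run:
            return i
    return None


def evaluate():
    """Run both detectors over both traces and return the alarm indexes."""
    return {
        name: {"threshold": threshold_alarm(trace), "trend": trend_alarm(trace)}
        for name, trace in (("benign", BENIGN_BURST), ("worm", WORM_GROWTH))
    }


if __name__ == "__main__":
    for name, alarms in evaluate().items():
        print(name, alarms)
```
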
Performance evaluation
  • <SYS; ATT; DE>
    • SYS:
    • ATT: , where OPSS & OPUS: the Online P2P-based scan attack model for the structured and unstructured P2P system.
    • DE: , where WB: denotes results obtained using simulations for the which one attack model. D: Trend-based detection (D1), Threshold-based detection (D2)
Sensitivity of Detection Time to Defense Region Size

The defense region size g denotes a region with a group of P2P defense hosts within g P2P hops from the region leader.

Final remarks

P2P systems are gaining rapid popularity in the Internet. We believe that P2P-based active worm attacks are very dangerous threats for rapid worm propagation and infection.

Model and analyze P2P-based active worm propagation.

Design effective defense strategies against them.

An offline P2P-based hit-list attack model (OPHLS) and an online P2P-based attack model (OPS).