Modeling and Defending against Adaptive BitTorrent Worms in Peer-to-Peer Networks
Article No.: 5, Pages 1 - 17
Abstract
BitTorrent (BT) is one of the most common Peer-to-Peer (P2P) file sharing protocols. Rather than downloading a file from a single source, the protocol allows users to join a swarm of peers to download and upload from each other simultaneously. Worms exploiting information from BT servers or trackers can cause serious damage to participating peers, which unfortunately has been neglected previously. In this article, we first present a new worm, called Adaptive BitTorrent worm (A-BT worm), which finds new victims and propagates sending forged requests to trackers. To reduce its abnormal behavior, the worm estimates the ratio of infected peers and adaptively adjusts its propagation speed. We then build a hybrid model to precisely characterize the propagation behavior of the worm. We also propose a statistical method to automatically detect the worm from the tracker by estimating the variance of the time intervals of requests. To slow down the worm propagation, we design a safe strategy in which the tracker returns secured peers when receives a request. Finally, we evaluate the accuracy of the hybrid model, and the effectiveness of our detection method and containment strategy through simulations.
References
[1]
Barbera, M., Lombardo, A., Schembra, G., and Tribastone, M. 2005. A markov model of a freerider in a bittorrent p2p network. In Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM’05). Vol. 2. 985--989.
[2]
Briesemeister, L., Lincoln, P., and Porras, P. 2003. Epidemic profiles and defense of scale-free networks. In Proceedings of the ACM CCS Workshop on Rapid Malcode (WORM’03).
[3]
Chen, G. and Gray, R. S. 2006. Simulating non-scanning worms on peer-to-peer networks. In Proceedings of the 1st International Conference on Scalable Information Systems (INFOSCALE’06).
[4]
Douglas, M., Micael, P., and Evangelos, K. 2008. di-jest: Autonomic neighbour management for worm resilience in p2p systems. In Proceedings of the International Symposium World of Wireless, Mobile and Multimedia Networks (WoWMoM’08). 1--6.
[5]
Engle, M. and Khan, J. I. 2006. Vulnerabilities of p2p systems and a critical look at their solutions. Tech. rep., Internetworking and Media Communications Research Laboratories, Department of Computer Science, Kent State University.
[6]
Ernesto. 2009. Bittorrent still king of p2p traffic. Torrentfreak.
[7]
Freitas, F., Rodrigues, R., Ribeiro, C., Ferreira, P., and Rodrigues, L. 2007. Verme: Worm containment in peer-to-peer overlays. In Proceedings of the 6th International Workshop on Peer-to-Peer Systems (IPTPS’07).
[8]
Guo, L., Chen, S., Xiao, Z., Tan, E., Ding, X., and Zhang, X. 2005. Measurements, analysis, and modeling of bittorrent-like systems. In Proceedings of the Internet Measurement Conference. (IMC’05). 35--48.
[9]
Jesi, G. P. and Patarin, S. 2005. PeerSim HOWTO: Build a new protocol for the PeerSim 1.0 simulator. Peersim.surcefge.net.
[10]
Khiat, N., Carlinet, Y., and Agoulmine, N. 2006. The emerging threat of peer-to-peer worms. In Proceedings of the IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation (MonAM’06).
[11]
Luo, J., Xiao, B., Liu, G., Xiao, Q., and Zhou, S. 2009. Modeling and analysis of self-stopping bt worms using dynamic hit list in p2p networks. In Proceedings of the 5th International Workshop on Security in Systems and Networks (SSN’09).
[12]
Ma, J., Voelker, G. M., and Savage, S. 2005. Self-stopping worms. In Proceedings of the ACM Workshop on Rapid Malcode (WORM’05). ACM, New York, 12--21.
[13]
Ma, J., Chen, X., and Xiang, G. 2006. Modeling passive worm propagation in peer-to-peer system. In Proceedings of the International Conference on Computational Intelligence and Security (CIS’06). 1129--1132.
[14]
Qiu, D. and Srikant, R. 2004. Modeling and performance analysis of Bittorrent-like peer-to-peer networks. In Proceedings of the ACM SIGCOMM Conference on Data Communication (SIGCOMM’04). 367--378.
[15]
Ramachandran, K. and Sikdar, B. 2006. Modeling malware propagation in gnutella type peer-to-peer networks. In Proceedings of the Parallel and Distributed Processing Symposium.
[16]
Singer, M. 2002. “Benjamin” worm plagues Kazaa. Tech. rep., siliconvalley.internet.com.
[17]
Tang, Y., Luo, J., Xiao, B., and Wei, G. 2009. Concept, characteristics and defending mechanism of worms. IEICE Trans. Inf. Syst. E92-D, 5, 799--809.
[18]
Thommes, R. and Coates, M. 2006. Epidemiological modeling of peer-to-peer viruses and pollution. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM’06).
[19]
Vamosi, R. 2001. Gnutella worm: How to deal with it. http://www.zdnet.com/gnutella-worm-how-to-deal-with-it-3002084706/.
[20]
Wu, K. and Feng, Y. 2006. Proactive worm prevention based on p2p networks. Int. J. Comput. Sci. Netw. Security, 6.
[21]
Yao, Y., Luo, X., Gao, F., and Ai, S. 2006. Research of a potential worm propagation model based on pure p2p principle. In Proceedings of the International Conference on Communication Technology (ICCT’06). 1--4.
[22]
Yao, Y., Wu, L., Gao, F., Yang, W., and Yu, G. 2008. A waw model of p2p-based anti-worm. In Proceedings of the IEEE International Conference on Networking, Sensing and Control (ICNSC’08). 1131--1136.
[23]
Zhou, L., Zhang, L., Mcsherry, F., Immorlica, N., Costa, M., and Chien, S. 2005. A first look at peer-to-peer worms: Threats and defenses. In Proceeding of the 4th International Workshop on Peer-to-Peer Systems (IPTPS’05).
[24]
Zhou, Y., Wu, Z., Wang, H., Zhong, J., Feng, Y., and Zhu, Z. 2006. Breaking monocultures in p2p networks for worm prevention. In Proceedings of the 5th International Conference on Machine Learning and Cybernetics (ICMLC’06).
Index Terms
- Modeling and Defending against Adaptive BitTorrent Worms in Peer-to-Peer Networks
Recommendations
Simulating non-scanning worms on peer-to-peer networks
InfoScale '06: Proceedings of the 1st international conference on Scalable information systemsMillions of Internet users are using large-scale peer-to-peer (P2P) networks to share content files today. Many other mission-critical applications, such as Internet telephony and Domain Name System (DNS), have also found P2P networks appealing due to ...
Peer to Peer Networks for Defense Against Internet Worms
Internet worms, which spread in computer networks without human mediation, pose a severe threat to computer systems today. The rate of propagation of worms has been measured to be extremely high and they can infect a large fraction of their potential ...
Worm propagation modeling and analysis under dynamic quarantine defense
WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcodeDue to the fast spreading nature and great damage of Internet worms, it is necessary to implement automatic mitigation, such as dynamic quarantine, on computer networks. Enlightened by the methods used in epidemic disease control in the real world, we ...
Comments
Information & Contributors
Information
Published In
March 2014
121 pages
ISSN:1556-4665
EISSN:1556-4703
DOI:10.1145/2597760
- Editors:
- Manish Parashar,
- Franco Zambonelli
Copyright © 2014 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 March 2014
Accepted: 01 February 2010
Revised: 01 December 2009
Received: 01 March 2009
Published in TAAS Volume 9, Issue 1
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed
Funding Sources
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 356Total Downloads
- Downloads (Last 12 months)6
- Downloads (Last 6 weeks)1
Reflects downloads up to 25 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in