P2P worm detection based on traffic classification and application identification
Abstract (translated from the Chinese): P2P worms that spread through vulnerabilities in peer-to-peer networks are a serious security threat. Based on the propagation characteristics of P2P worms, a P2P worm detection method, PWD (P2P Worm Detection), is proposed. PWD consists of two parts: preprocessing based on application identification technology, and P2P worm detection based on unknown-worm detection technology. It improves the rules for identifying and filtering interference traffic, proposes P2P worm detection rules, and introduces game-theoretic methods to discuss the selection of the detection period. Both simulation results and experimental results in a LAN environment show that PWD is an effective method for detecting P2P worms and containing their spread.

Abstract (original English): A P2P worm exploits common vulnerabilities in peer-to-peer networks and is a severe security threat. A P2P worm detection method, called PWD (P2P Worm Detection), is presented based on the worm's propagation characteristics. PWD consists of a preprocessing procedure based on application identification technology and a P2P worm detection procedure based on unknown-worm detection technology. Improved heuristics are advanced to identify and eliminate disturbing traffic, together with heuristics to detect P2P worms. The selection of the detection period is discussed using the methodology of game theory. Both simulation results and LAN-scope experimental results indicate that PWD is an effective method for detecting and blocking P2P worms.
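The two-stage structure the abstract describes (application identification that filters interference traffic, then a behavioural worm-detection rule evaluated per detection period) is easy to misread as a single signature match, so here is an added example of that pipeline over constructed flow records. This is illustrative code written for this page, not the paper's PWD implementation: the payload signatures, the TCP+UDP pair heuristic, the fan-out threshold, the detection rule itself and the sample flows are all assumptions chosen for the demonstration.

```python
"""Two-stage P2P worm detection over flow records, modelled on the PWD
structure in the abstract: (1) preprocessing by application identification,
(2) behavioural detection evaluated once per detection period.
Added illustrative example; heuristics, thresholds and sample data are
assumptions, not values from the paper."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds since start of the trace
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes  # first bytes of the flow payload (constructed)


# Stage 1: application identification (assumed heuristics).
# A flow is treated as P2P if its payload starts with a known P2P handshake
# token, or if the same src/dst pair is seen over both TCP and UDP.
# Flows that look like HTTP are treated as interference traffic and dropped.
P2P_SIGNATURES = (b"\x13BitTorrent protocol", b"GNUTELLA CONNECT", b"d1:ad2:id20:")
HTTP_SIGNATURES = (b"GET ", b"POST ", b"HTTP/1.")


def identify_p2p(flows):
    """Return only the flows classified as P2P; everything else is filtered."""
    pairs_by_proto = defaultdict(set)
    for f in flows:
        pairs_by_proto[(f.src, f.dst)].add(f.proto)
    p2p = []
    for f in flows:
        if f.payload.startswith(HTTP_SIGNATURES):
            continue  # interference traffic (web), filtered out
        both_transports = pairs_by_proto[(f.src, f.dst)] >= {"tcp", "udp"}
        if f.payload.startswith(P2P_SIGNATURES) or both_transports:
            p2p.append(f)
    return p2p


# Stage 2: worm detection rule (assumption for this example).
# A vulnerability-propagating worm sends the same exploit payload to many
# distinct peers, so within one detection period a source whose identical
# payload reaches >= FANOUT_THRESHOLD distinct destinations is flagged.
FANOUT_THRESHOLD = 4


def detect_worm(p2p_flows, period=10.0, threshold=FANOUT_THRESHOLD):
    """Return sorted (period_index, src) pairs that trigger the rule."""
    buckets = defaultdict(set)  # (period_idx, src, payload) -> set of dst
    for f in p2p_flows:
        buckets[(int(f.ts // period), f.src, f.payload)].add(f.dst)
    alerts = {(idx, src) for (idx, src, _), dsts in buckets.items()
              if len(dsts) >= threshold}
    return sorted(alerts)


def run_pwd(flows, period=10.0):
    """Full pipeline: preprocessing, then detection per period."""
    return detect_worm(identify_p2p(flows), period)


# Constructed sample trace: one web client, one benign P2P client, one host
# behaving like a propagating worm.
SAMPLE_FLOWS = [
    # 10.0.0.5 browses the web: interference traffic, removed in stage 1.
    Flow(0.5, "10.0.0.5", "93.184.216.34", "tcp", 80, b"GET / HTTP/1.1"),
    Flow(1.0, "10.0.0.5", "93.184.216.34", "tcp", 80, b"GET /a HTTP/1.1"),
    # 10.0.0.7 is a benign BitTorrent client: many peers, but the handshake
    # bytes differ per swarm, so no single payload fans out.
    *[Flow(2.0 + i, "10.0.0.7", f"198.51.100.{i}", "tcp", 6881,
           b"\x13BitTorrent protocol" + bytes([i]) * 4) for i in range(6)],
    # 10.0.0.9 sends one identical payload to five distinct peers in under a
    # second: the propagation pattern the detection rule targets.
    *[Flow(3.0 + 0.2 * i, "10.0.0.9", f"203.0.113.{i}", "tcp", 6881,
           b"\x13BitTorrent protocol" + b"\x00" * 8) for i in range(5)],
]


if __name__ == "__main__":
    print("P2P flows after preprocessing:", len(identify_p2p(SAMPLE_FLOWS)))
    print("alerts, 10 s period:", run_pwd(SAMPLE_FLOWS, period=10.0))
    print("alerts, 0.5 s period:", run_pwd(SAMPLE_FLOWS, period=0.5))
```

Running it with a 10-second detection period flags only 10.0.0.9; with a 0.5-second period the same five flows are split across two periods and fall under the threshold, which is the trade-off behind the abstract's game-theoretic treatment of the detection period: a short period reacts quickly but lets slower propagation through, a long period catches it at the cost of delay.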
Keywords:
- P2P worm
- worm detection
- application identification