Citation: Xia Chunhe, Shi Yunping, Li Xiaojian, et al. P2P worm detection based on traffic classification and application identification[J]. Journal of Beijing University of Aeronautics and Astronautics, 2006, 32(08): 998-1002. (in Chinese)
A P2P worm exploits vulnerabilities common to the peers of a Peer-to-Peer network and is a severe security threat. A P2P worm detection method, called PWD (P2P Worm Detection), was presented based on the worm's propagation characteristics. PWD consists of a preprocessing procedure based on application identification technology and a P2P worm detection procedure based on unknown-worm detection technology. Improved heuristics were proposed to identify P2P traffic and eliminate interfering traffic, together with heuristics to detect P2P worms. The selection of the detection period was discussed using game theory. Both simulation results and LAN-scale experimental results indicate that PWD is an effective method for detecting and blocking P2P worms.
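The two-stage structure described in the abstract (first identify P2P hosts and drop interfering traffic, then look for worm-like propagation inside the remaining P2P traffic, evaluated once per detection period) can be sketched on flow records. The Python below is an added illustration, not the paper's PWD code: the application-identification heuristic (a host pair that talks over both TCP and UDP is treated as P2P), the propagation heuristic (one P2P host fanning an identical payload out to several peers it has not contacted before), the fixed detection period (the paper derives it with game theory, which is not reproduced here) and the sample flows are all assumptions made for the example.

```python
"""Added example: a toy two-stage P2P worm detector on constructed flow records.
Not the paper's implementation; heuristics and thresholds are assumed."""
from collections import defaultdict
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Flow:
    t: float        # seconds since start of capture
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    payload: bytes


def classify_p2p_hosts(flows):
    """Preprocess stage: mark a host as P2P when it exchanges both TCP and UDP
    with the same peer (assumed transport-layer heuristic, not the paper's)."""
    protos = defaultdict(set)                    # (host, peer) -> {"tcp","udp"}
    for f in flows:
        protos[(f.src, f.dst)].add(f.proto)
        protos[(f.dst, f.src)].add(f.proto)
    return {host for (host, _peer), seen in protos.items()
            if {"tcp", "udp"} <= seen}


def detect_p2p_worm(flows, p2p_hosts, period=10.0, fanout_threshold=3):
    """Detection stage: per detection period, count the distinct *new* peers to
    which a P2P host sends an identical payload (assumed propagation
    characteristic). Returns {host: (period_index, payload_sha256, fanout)}."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[int(f.t // period)].append(f)
    contacted = defaultdict(set)                 # host -> peers seen earlier
    alerts = {}
    for idx in sorted(buckets):
        fanout = defaultdict(lambda: defaultdict(set))   # host -> digest -> peers
        for f in buckets[idx]:
            # interfering (non-P2P) traffic was removed by the preprocess stage;
            # repeat contacts to already-known peers are normal P2P behaviour
            if f.src not in p2p_hosts or f.dst in contacted[f.src]:
                continue
            digest = hashlib.sha256(f.payload).hexdigest()
            fanout[f.src][digest].add(f.dst)
        for host, by_digest in fanout.items():
            digest, peers = max(by_digest.items(), key=lambda kv: len(kv[1]))
            if len(peers) >= fanout_threshold and host not in alerts:
                alerts[host] = (idx, digest, len(peers))
        for f in buckets[idx]:                   # period closed: remember peers
            contacted[f.src].add(f.dst)
    return alerts


def run_pwd(flows, period=10.0, fanout_threshold=3, bypass_preprocess=False):
    """Whole pipeline; bypass_preprocess shows what the first stage filters."""
    if bypass_preprocess:
        p2p_hosts = {f.src for f in flows} | {f.dst for f in flows}
    else:
        p2p_hosts = classify_p2p_hosts(flows)
    return detect_p2p_worm(flows, p2p_hosts, period, fanout_threshold)


# Constructed sample traffic (not captured data).
SAMPLE_FLOWS = [
    # 10.0.0.5: benign P2P node, TCP+UDP with the same peers, varied payloads
    Flow(1.0, "10.0.0.5", "10.0.0.21", "udp", b"ping"),
    Flow(1.5, "10.0.0.5", "10.0.0.21", "tcp", b"GET chunk 17"),
    Flow(2.0, "10.0.0.5", "10.0.0.22", "udp", b"ping"),
    Flow(2.5, "10.0.0.5", "10.0.0.22", "tcp", b"GET chunk 18"),
    # 10.0.0.9: P2P node spraying one identical payload to four new peers
    Flow(3.0, "10.0.0.9", "10.0.0.31", "udp", b"ping"),
    Flow(3.1, "10.0.0.9", "10.0.0.31", "tcp", b"\x90\x90PROBE"),
    Flow(3.2, "10.0.0.9", "10.0.0.32", "tcp", b"\x90\x90PROBE"),
    Flow(3.3, "10.0.0.9", "10.0.0.33", "tcp", b"\x90\x90PROBE"),
    Flow(3.4, "10.0.0.9", "10.0.0.34", "tcp", b"\x90\x90PROBE"),
    # 10.0.0.3: TCP-only scanner; not a P2P host, so out of PWD's scope
    Flow(5.0, "10.0.0.3", "10.0.0.41", "tcp", b"\x90\x90PROBE"),
    Flow(5.1, "10.0.0.3", "10.0.0.42", "tcp", b"\x90\x90PROBE"),
    Flow(5.2, "10.0.0.3", "10.0.0.43", "tcp", b"\x90\x90PROBE"),
    # 10.0.0.7: web client, TCP only, same request to one server
    Flow(6.0, "10.0.0.7", "10.0.0.80", "tcp", b"GET / HTTP/1.1"),
    Flow(6.5, "10.0.0.7", "10.0.0.80", "tcp", b"GET / HTTP/1.1"),
]

if __name__ == "__main__":
    for host, (idx, digest, n) in run_pwd(SAMPLE_FLOWS).items():
        print(f"period {idx}: {host} sent payload {digest[:12]} to {n} new peers")
```

Running it flags only 10.0.0.9. The TCP-only scanner 10.0.0.3 shows the cost of the preprocess stage: it is dropped as interfering traffic because the toy identification heuristic never labels it P2P, which is the intended scope of PWD but also the reason the identification heuristics matter as much as the detection ones. The period length trades detection latency against false positives from benign peer discovery bursts; that trade-off is what the paper's game-theoretic selection addresses.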