P2P worm detection based on application identification

  • Research Article
Frontiers of Computer Science in China

Abstract

A P2P worm exploits common vulnerabilities and spreads through peer-to-peer networks. Although P2P worms have recently been recognized as a potential and deadly threat to the Internet, few relevant countermeasures are found in the extant literature. Once it breaks out, a P2P worm could result in unpredictable losses. Based on the propagation characteristics of the worm, this paper presents a detection method called PWD (P2P Worm Detection), which is designed based on application identification and unknown worm detection. Simulation results and LAN-environment experiment results both indicate that PWD is an effective method to detect and block P2P worms.

Author information

Corresponding author

Correspondence to Xia Chunhe.

Additional information

Translated from Journal of Beijing University of Aeronautics and Astronautics, 2006, 32(8): 998–1002 [译自: 北京航空航天大学学报]

About this article

Cite this article

Xia, C., Shi, Y., Li, X. et al. P2P worm detection based on application identification. Front. Comput. Sc. China 1, 114–122 (2007). https://doi.org/10.1007/s11704-007-0010-7

  • DOI: https://doi.org/10.1007/s11704-007-0010-7
