Abstract
Peer-to-peer (P2P) worms exploit common vulnerabilities in member hosts of a P2P network and spread topologically in the P2P network, a potentially more effective strategy than random scanning for locating victims. This paper describes the danger posed by P2P worms and initiates the study of possible mitigation mechanisms. In particular, the paper explores the feasibility of a self-defense infrastructure inside a P2P network, outlines the challenges, evaluates how well this defense mechanism contains P2P worms, and reveals correlations between containment and the overlay topology of a P2P network. Our experiments suggest a number of design directions to improve the resilience of P2P networks to worm attacks.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Calvert, K., Doar, M., Zegura, E.: Modeling Internet topology. IEEE Communications Magazine (June 1997)
Castro, M., Druschel, P., Ganesh, A., Rowstron, A., Wallach, S.S.: Secure routing for structured peer-to-peer overlay networks. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI 2002), Boston, MA, USA, December 2002, pp. 299–314. USENIX (2002)
Chawathe, Y., Ratnasamy, S., Breslau, L., Lanham, N., Shenker, S.: Making Gnutella-like p2p systems scalable. In: Proceedings of SIGCOMM 2003, Karlsruhe, Germany, pp. 407–418. ACM, New York (2003)
Costa, M., Crowcroft, J., Castro, M., Rowstron, A.: Can we contain Internet worms? In: Proceedings of the 3rd Workshop on Hot Topics in Networks (HotNets-III) (November 2004)
Cox, L.P., Noble, B.D.: Honor among thieves in peer-to-peer storage. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles, Bolton Landing, NY, USA, pp. 120–132. ACM SIGOPS, ACM Press, New York (2003)
Crandall, J.R., Chong, F.T.: Minos: Control data attack prevention orthogonal to memory model. In: Proceedings of the 37th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE/ACM (December 2004)
Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: Proc. 25th Symposium on Security and Privacy. IEEE, Los Alamitos (2004)
Kim, H., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of the 13th USENIX Security Symposium (August 2004)
Kreibich, C., Crowcroft, J.: Honeycomb—creating intrusion detection signatures using Honeypots. In: Proc. of the 2nd Workshop on Hot Topics in Networks (HotNets-II) (November 2003)
Moore, D., Shannon, C., Voelker, G., Savage, S.: Internet quarantine: Requirements for containing self-propagating code. In: Proceedings of IEEE INFOCOM 2003. IEEE, Los Alamitos (2003)
Newsome, J., Song, D.: Dynamic taint analysis: Automatic detection and generation of software exploit attacks. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005) (February 2005) (to appear)
random nut. The PACKET 0’ DEATH FastTrack network vulnerability. NETSYS.COM Full Disclosure Mailing List Archives (May 2003), http://www.netsys.com/full-disclosure/2003/05/msg00351.html
Ratnasamy, S., Francis, P., Handley, M., Karp, R., Shenker, S.: A scalable content-addressable network. In: Proceedings of ACM SIGCOMM, San Diego, CA, USA, August 2001, pp. 161–172 (2001)
Rowstron, A., Druschel, P.: Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, p. 329. Springer, Heidelberg (2001)
Saroiu, S., Gribble, S.D., Levy, H.M.: Measurement and analysis of spyware in a university environment. In: Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA (March 2004)
Singh, S., Estan, C., Varghese, G., Savage, S.: The EarlyBird system for real-time detection of unknown worms. Technical Report CS2003-0761, UC San Diego (August 2003)
Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in your spare time. In: Proceedings of the 11th USENIX Security Symposium (August 2002)
Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H.: Chord: A scalable peer-to-peer lookup service for Internet applications. In: Proc. ACM SIGCOMM, pp. 149–160 (2001)
Suh, G.E., Lee, J., Devadas, S.: Secure program execution via dynamic information flow tracking. In: Proceedings of ASPLOS XI, Boston, MA, USA, October 2004, pp. 85–96 (2004)
Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In: The First ACM Workshop on Rapid Malcode (WORM) (2003)
Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: Proceedings of the 13th USENIX Security Symposium (August 2004)
Williamson, M.M.: Throttling viruses: Restricting propagation to defeat malicious mobile code. In: Proc. 18th Annual Computer Security Applications Conference, Las Vegas, NV (December 2002)
Zhao, B.Y., Huang, L., Rhea, S.C., Stribling, J., Joseph, A.D., Kubiatowicz, J.D.: Tapestry: A global-scale overlay for rapid service deployment. IEEE Journal on Selected Areas in Communications (J-SAC) 22(1), 41–53 (2004)
Zhou, L., Schneider, F.B., van Renesse, R.: COCA: A secure distributed on-line certification authority. ACM Transactions on Computer Systems 20(4), 329–368 (2002)
Zou, C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning for Internet worms. In: Proc. of the 10th ACM Conference on Computer and Communication Security (October 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhou, L., Zhang, L., McSherry, F., Immorlica, N., Costa, M., Chien, S. (2005). A First Look at Peer-to-Peer Worms: Threats and Defenses. In: Castro, M., van Renesse, R. (eds) Peer-to-Peer Systems IV. IPTPS 2005. Lecture Notes in Computer Science, vol 3640. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11558989_3
Download citation
DOI: https://doi.org/10.1007/11558989_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29068-1
Online ISBN: 978-3-540-31906-1
eBook Packages: Computer ScienceComputer Science (R0)