Research Article
Simulating non-scanning worms on peer-to-peer networks
@INPROCEEDINGS{10.1145/1146847.1146876, author={Guanling Chen and Robert S. Gray}, title={Simulating non-scanning worms on peer-to-peer networks}, proceedings={1st International ICST Conference on Scalable Information Systems}, publisher={ACM}, proceedings_a={INFOSCALE}, year={2006}, month={6}, keywords={}, doi={10.1145/1146847.1146876} }
- Guanling Chen
Robert S. Gray
Year: 2006
Simulating non-scanning worms on peer-to-peer networks
INFOSCALE
ACM
DOI: 10.1145/1146847.1146876
Abstract
Millions of Internet users are using large-scale peer-to-peer (P2P) networks to share content files today. Many other mission-critical applications, such as Internet telephony and Domain Name System (DNS), have also found P2P networks appealing due to their scalability and reliability properties. These P2P networks, however, could be leveraged by automatic-propagating Internet worms to quickly infect a large vulnerable population and inflict tremendous damages to information infrastructure and end systems.While much work has been done to study random-scanning worms, such as CodeRed and Slammer, we have less understanding of non-scanning worms that are potentially stealthy. In this paper, we identify three strategies a non-scanning worm could use to propagate through P2P systems. To understand their behaviors, we provide a workload-driven simulation framework to characterize these worms and identify the parameters influencing their propagations. The non-scanning nature allows P2P worms to evade many of today's detection methods aimed at random-scanning worms. We propose and evaluate an online detection algorithm against these P2P worms using statistical detection of change-points in streaming sensor data.