基于P2P的新型良性蠕虫传播策略

提出一种采用P2P的良性蠕虫传播策略,建立了数学模型,在理论上分析各项参数对其传播情况的影响,并使用SSFNET网络仿真工具对传播模型进行了仿真。仿真结果证明,P2P良性蠕虫可以有效地在授权网络中抑制恶意蠕虫的传播,P2P覆盖的平均度数越高,初始投放数量越多,投放时间越早,P2P良性蠕虫传播就越快。P2P良性蠕虫继承了P2P覆盖网络的特点,使其传播的稳定性、可控性更好,并具有更低的消耗。     

被动型P2P蠕虫后期传播分析

复杂多变的网络环境使传统的蠕虫传播模型不能真实地反映被动型P2P蠕虫后期传播规律。针对该问题,通过建立蠕虫传播模型和仿真实验分析,揭示被动型P2P蠕虫后期传播的主要特征。结果表明,不修补漏洞的P2P节点数量和恢复系统后P2P节点及时修补漏洞的概率都与被动型P2P蠕虫传播有紧密的联系,在安全意识较低的网络环境中被动型P2P蠕虫可以持续传播。     

P2P系统中非扫描型蠕虫研究

数以百万计的网络用户使用P2P网络来共享文件。但在P2P网络中,蠕虫则感染了大量的漏洞主机,并对信息设施和终端系统带来巨大的破坏。该文分析了P2P体系结构内在的风险,阐明了P2P蠕虫所带来的威胁,并且列举了威胁P2P网络的3种非扫描类型的螭虫:被动式蠕虫,反应式蠕虫和主动式蠕虫。鉴于这种情况,该文提出了一种能够减轻P2P蠕虫威胁的对策。     

蠕虫在P2P网络中的传播研究

P2P蠕虫是利用P2P机制进行传播的恶意代码。通过P2P节点的共享列表，蠕虫很容易获得攻击目标的信息，所以其爆发时传播速度很快，这种大量的快速传播导致的直接后果是网络阻塞。该文分析蠕虫在P2P网络中的传播原理，在经典病毒传播模型基础上提出了考虑带宽及治愈响应起始时间因素的蠕虫传播模型，从带宽饱和与阻塞两个方面分析带宽对蠕虫传播的影响，在此基础上分析了蠕虫的防御措施。通过模拟实验，该模型能够较真实地描述蠕虫大规模爆发时引起带宽拥塞的情况。     

结构化对等网中的P2P蠕虫传播模型研究

基于结构化对等网路由表构造方法,抽象出描述P2P节点空间结构特征的命题并加以证明,将命题结论引入蠕虫传播规律的推导过程,使其转化成新问题并加以解决.建立了P2P蠕虫在三种典型结构化对等网中的传播模型,给出刻画P2P蠕虫传播能力的函数,并揭示了覆盖网拓扑对蠕虫传播的负面影响.所有模型都通过了仿真实验的验证.     

P2P网络中被动型蠕虫的扩散与仿真研究

本文对P2P网络共享的特性和被动型蠕虫的传播特点进行了剖析．并基于模型试验结果的基础上举出了3个分别针对于蠕虫传描的模型。     

动态环境下的主动蠕虫攻击分析

鉴于当前很少有传播模型充分考虑到P2P节点动态特征对主动蠕虫攻击的影响, 提出两个动态环境下的主动蠕虫传播模型。分析了主动蠕虫两种常见的攻击方式, 给出了相应攻击背景下的节点状态转换过程, 在综合考虑P2P节点动态特征的基础上提出了两种主动蠕虫传播模型, 并对所提出的模型进行了数值分析, 探讨动态环境下影响主动蠕虫传播速度的关键因素。实验结果表明, 通过提高P2P节点的离线率和免疫力可以有效地抑制主动蠕虫对P2P网络的攻击。     

Defending passive worms in unstructured P2P networks based on healthy file dissemination

Propagation of passive worms in unstructured peer-to-peer (P2P) networks can result in significant damages and the loss of network security. This paper obtains the average delay for all peers in the entire transmitting process, and proposes a mathematical model for simulating unstructured P2P networks-based passive worms' propagation taking into account network throughput. According to the file popularity which follows the Zipf distribution, we propose a new healthy file dissemination-based defense strategy. Some parameters related to the propagation of passive worms are studied based on the proposed model. Finally, the simulation results verify the effectiveness of our model, which can provide an important guideline in the control of passive worms in unstructured P2P networks.     

P2P干预式蠕虫传播仿真分析*

对P2P干预式主动型蠕虫的传播机制进行了研究,指出其传播主要包括四个阶段:信息收集,攻击渗透、自我推进与干预激活。研究发现,P2P干预式蠕虫实际是一种拓扑蠕虫,能利用邻居节点信息准确地确定攻击目标,而且攻击非常隐蔽。采用仿真的方法研究了P2P相关参数对P2P干预式蠕虫传播的影响。仿真实验表明,潜伏主机激活率对干预式蠕虫传播的影响最大,而攻击率对干预式蠕虫传播的影响较小。     

基于良性益虫的对等网络蠕虫防御技术

对等网络蠕虫利用对等网络的固有特征(如本地路由表、应用层路由等),不仅复制快,而且提供了更好的隐蔽性和传播性,因而其危害大,防御困难。从分析互联网蠕虫及其传播机制入手,对对等网络上的蠕虫(即P2P蠕虫)及其特殊性进行了综合分析。在此基础之上,提出了基于良性益虫的被动激活主动传播防御策略(PAIFDP),并对该策略的技术原理和响应防御系统的功能模块等进行了详细设计。以Peersim仿真平台为基础,对各种不同网络参数下的防御效果和资源消耗情况进行了实验分析。结果表明,基于良性益虫的P2P蠕虫防御技术具有收敛时间快、网络资源消耗少、适应性强等特点。     

Contagion蠕虫传播仿真分析

Contagion 蠕虫利用正常业务流量进行传播,不会引起网络流量异常,具有较高的隐蔽性,逐渐成为网络安全的一个重要潜在威胁.为了能够了解Contagion蠕虫传播特性,需要构建一个合适的仿真模型.已有的仿真模型主要面向主动蠕虫,无法对Contagion蠕虫传播所依赖的业务流量进行动态模拟.因此,提出了一个适用于Contagion蠕虫仿真的Web和P2P业务流量动态仿真模型,并通过选择性抽象,克服了数据包级蠕虫仿真的规模限制瓶颈,在通用网络仿真平台上,实现了一个完整的Contagion蠕虫仿真系统.利用该系统,对Contagion蠕虫传播特性进行了仿真分析.结果显示:该仿真系统能够有效地用于Contagion蠕虫传播分析.     

P2P网络中沉默型蠕虫传播建模与分析

蠕虫给Internet带来巨大威胁,给作为Internet覆盖网的P2P网络带来的威胁更大,这主要是由P2P网络本身的特点决定的(就是这些特点为用户带来巨大方便).考虑到威胁P2P网络的3种蠕虫中沉默型蠕虫传播模型还没有被提出(其他2种分别为被动型蠕虫和主动型蠕虫)和沉默型蠕虫的巨大危害性,提出了沉默型蠕虫的传播模型和免疫模型,并基于该模型推导出了沉默型蠕虫不会流行的条件.为了考查各个P2P参数对蠕虫传播的影响和从实践上验证推导出的蠕虫不会流行的条件,使用Matlab进行了大量仿真实验.实验表明,理论推导出的蠕虫不会流行的条件是正确的;实验还进一步表明,蠕虫的流行程度是由流行指数来决定的,这为提出蠕虫控制策略提供了依据.通过对决定流行指数的几个参数的分析表明,在发现蠕虫时迅速降低下载率是补丁发布前控制蠕虫最有效的办法.     

P2P worm detection based on application identification

P2P worm exploits common vulnerabilities and spreads through peer-to-peer networks. Despite being recognized as a potential and deadly threat to the Internet recently, few relevant countermeasures are found in extant literature. Once it breaks out, a P2P worm could result in unpredictable losses. Based on propagation characteristics of the worm, this paper presents a detection method called PWD (P2P Worm Detection), which is designed based on application identification and unknown worm detection. Simulation result and LAN-environment experiment result both indicate that PWD is an effective method to detect and block P2P worms. Translated from Journal of Beijing University of Aeronautics and Astronautics, 2006, 32(8): 998–1002 [译自: 北京航空航天大学学报]     

FPM: Four-factors Propagation Model for passive P2P worms

At present, P2P worm poses a serious threat to the Internet infrastructure and common users since it spreads extremely fast and is hard to be detected in early stage. In this paper, we propose a Four-factors Propagation Model (FPM) for passive P2P worms. There are two major contributions of this paper. Firstly, we take four critical factors—address hiding, configuration diversity, online/offline behaviors and download duration into consideration. As far as we know, the first two factors have not been considered in existing models yet. Secondly, we explicitly derive the differential equations of our FPM. Then worm behaviors in steady state are researched in depth by numerical methods. The following simulations give two suggestions for worm quarantining. On one hand, worms can be slowed down by increasing the proportion of hosts with internal addresses. One the other, breaking the configuration monocultures of hosts is an efficient way to contain worms.     

Defending against the propagation of active worms

Active worms propagate across networks by employing the various target discovery techniques. The significance of target discovery techniques in shaping a worm’s propagation characteristics is derived from the life cycle of a worm. The various target discovery techniques that could be employed by active worms are discussed. It is anticipated that future active worms would employ multiple target discovery techniques simultaneously to greatly accelerate their propagation. To accelerate a worm’s propagation, the slow start phase in the worm’s propagation must be shortened by letting the worm infect the first certain percentage of susceptible hosts as soon as possible. Strategies that future active worms might employ to shorten the slow start phase in their propagation are studied. Their respective cost-effectiveness is assessed. A novel active defense mechanism is proposed, which could be an emerging solution to the active worm problem. Our major contributions in this article are first, we found the combination of target discovery techniques that can best accelerate the propagation of active worms; second, we proposed several strategies to shorten a worm’s slow start phase in its propagation and found the cost-effective hit-list size and average size of internally generated target lists; third, we proposed a novel active defense mechanism and evaluated its effectiveness; and fourth, we proposed three novel discrete time deterministic propagation models of active worms.     

Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation

Benign worms have been attracting wide attention in the field of worm research due to the proactive defense against the worm propagation and patch for the susceptible hosts. In this paper, two revised Worm?CAnti-Worm (WAW) models are proposed for cloud-based benign worm countermeasure. These Re-WAW models are based on the law of worm propagation and the two-factor model. One is the cloud-based benign Re-WAW model to achieve effective worm containment. Another is the two-stage Re-WAW propagation model, which uses proactive and passive switching defending strategy based on the ratio of benign worms to malicious worms. This model intends to avoid the network congestion and other potential risks caused by the proactive scan of benign worms. Simulation results show that the cloud-based Re-WAW model significantly improves the worm propagation containment effect. The cloud computing technology enables rapid delivery of massive initial benign worms, and the two stage Re-WAW model gradually clears off the benign worms with the containment of the malicious worms.     

对等网络蠕虫建模与分析

对等网络蠕虫是威胁对等网络乃至Internet安全的一个重要问题。针对蠕虫扩散过程和对等网络拓扑的特点，构造了对等网络蠕虫传播模型；以Gnutella网络为研究实例，获取其拓扑快照数据，用以模拟蠕虫在Gnutella网络中的传播过程，从而验证模型的有效性，衡量对等网络蠕虫对P2P网络的危害。     

大规模P2P网络下蠕虫攻击的研究

P2P下蠕虫的传播将是未来蠕虫发展的方向,分析P2P系统中蠕虫传播的现状,给出其扫描策略,并通过分析蠕虫的扫描算法,定义了两个蠕虫传播模型,并在此基础给出综合的防治策略。     

一种P2P环境下点割集的被动分布式发现算法

P2P系统的可靠性主要取决于覆盖网节点问的连通性，而割点和小规模点割集对网络连通性的危害很大，它们的失效或离开能使覆盖网变得四分五裂。本文提出一种P2P环境下点割集的被动分布式发现算法，在无法获得网络全局信息的情况下，节点仅依靠对收到消息的统计和分析就能够自主判断自己是否为割点或属于2点割，并采取相应措施消除其为系统带来的不稳定因素。该算法准确性高、开销低，割集消除对提高覆盖网可靠性的效果显著。     

P2P蠕虫遏制方法的研究与建模

传统的蠕虫遏制方法无法及时地遏制P2P蠕虫。针对该问题,提出一种基于P2P良性蠕虫的快速遏制方法。P2P良性蠕虫利用P2P软件漏洞进行自动传播,能够清除恶性蠕虫并修补软件漏洞,从而彻底阻断恶性蠕虫的传播渠道。对该遏制方法进行数学建模,给出相应的离散差分数学模型。仿真实验验证,该方法遏制效果好且对网络资源消耗少。