Similar literature
20 similar documents found; search time 15 ms
1.
Botnets are a serious threat to cyber-security. As a consequence, botnet detection has become an important research topic in network protection and cyber-crime prevention. P2P botnets are one of the most malicious zombie networks, as their architecture imitates P2P software. Characteristics of P2P botnets include (1) the use of multiple controllers to avoid single-point failure; (2) the use of encryption to evade misuse detection technologies; and (3) the capacity to evade anomaly detection, usually by initiating numerous sessions without consuming substantial bandwidth. To overcome these difficulties, we propose a novel data mining method. First, we identify the differences between P2P botnet behavior and normal network behavior. Then, we use these differences to tune the data-mining parameters to cluster and distinguish normal Internet behavior from that of lurking P2P botnets. This method can identify a P2P botnet without breaking the encryption. Furthermore, the detection system can be deployed without altering the existing network architecture, and it can detect the existence of botnets in a complex traffic mix before they attack. The experimental results reveal that the method is effective in recognizing the existence of botnets. Accordingly, the results of this study will be of value to information security academics and practitioners.

2.
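Design of a Trust Management System for P2P File-Sharing Networks   Total citations: 5, self-citations: 0, citations by others: 5
For P2P file-sharing networks, a trust management system is designed to evaluate and distribute trust information about each entity in the network, and to use trust to guide the selection of cooperating entities, so as to isolate malicious entities and improve network performance. Subsequent simulation experiments demonstrate the effectiveness of the system.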

3.
The open and anonymous nature of P2P allows peers to easily share their data and other resources among multiple peers, but the absence of a defensible border raises serious security concerns for the users. There is a lack of accountability for the content that is shared by peers and it is hard to distinguish malicious users from honest peers. Establishing trust relationships between peers can serve as the metric to determine the veracity of the shared content and the reliability of the peers. Most of the research work in this area is on reputation-based trust management, where trust is determined on the basis of recommendations from other peers. Such recommendations are subjective and can be biased. A number of peers can also collude to provide false testimony for malicious peers. This paper proposes a novel trust model that combines peer profiling with an anomaly detection technique. Each peer can establish trust based on its own prior activities with other peers by comparing the current activity of a peer with its historical data; a Genetic Algorithm (GA) is employed to detect anomalous behavior. The peer profile is updated dynamically with every transaction using the GA operators crossover and mutation. This model has been tested using a file sharing application against common attacks and the results obtained are compared with a statistical anomaly detection approach.

4.
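Research on a Hierarchical-Domain-Based Global Trust Model in P2P Environments   Total citations: 1, self-citations: 0, citations by others: 1
Peer-to-peer trust models are currently an important method for improving the security of P2P systems. Based on an analysis of the characteristics of various trust models and of node behavior, a global trust model based on hierarchical domains is proposed. It partitions nodes into domains using the proximity principle and trust degree, and adds a reward-and-punishment mechanism on top of this. The model achieves good trust convergence and is effective in guarding against malicious behavior.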

5.
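Trust models are currently an important method for improving the security of Peer-to-Peer network systems. Based on an analysis of the characteristics of various trust models [1] and of node behavior, a global trust model based on hierarchical domains is proposed. It partitions nodes into domains using the proximity principle and trust degree [2], and adds a reward-and-punishment mechanism on top of this. The model achieves good trust convergence and is effective in guarding against malicious behavior.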

6.
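File pollution is one of the main security threats facing P2P file-sharing systems. Because no central authority supervises user behavior or the content users share, malicious nodes can spread viruses, Trojans and other malicious content through P2P, which seriously degrades the performance of P2P file-sharing systems. This paper surveys the state of research on P2P file pollution, examines the file pollution observed in existing P2P systems and the defenses against it, and analyzes the problems that current defense mechanisms face.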

7.
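Curbing the sharing of illegal content is an important problem that P2P file-sharing systems need to solve. Starting from active peer users, the Maze system proposes a filtering strategy based on file popularity. Simulation experiments show that this filtering technique quickly reduces the number of downloads of undesirable files and the consumption of network bandwidth. The method is simple and practical and can effectively control content in large-scale systems.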

8.
Botnets are widely used by attackers and they have evolved from centralized structures to distributed structures. Most modern P2P bots launch attacks in a stealthy way, and detection approaches based on the malicious traffic of bots are inefficient. In this paper, an approach that aims to detect Peer-to-Peer (P2P) botnets is proposed. Unlike previous works, the approach is independent of any malicious traffic generated by bots and does not require information about bots provided by external systems. It detects P2P bots by focusing on the intrinsic characteristics of their Command and Control (C&C) communications, which are identified by discovering flow dependencies in C&C traffic. After discovering the flow dependencies, our approach distinguishes P2P bots from normal hosts using a clustering technique. Experimental results on real-world network traces merged with synthetic P2P botnet traces indicate that 1) flow dependency can be used to detect P2P botnets, and 2) the proposed approach can detect P2P botnets with a high detection rate and a low false positive rate.

9.
高峰  李丽娟  乐光学 《计算机仿真》2007,24(12):112-116
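Building on the JXTA protocol, this work addresses loosely consistent structured peer-to-peer e-commerce networks that lack a trusted center and may contain malicious nodes. Considering that trustworthiness analysis of nodes is an important step in establishing services such as authorization, it proposes a node authentication and access control scheme that applies RSA and DSA threshold signature algorithms in the system and suits characteristics such as the network's highly dynamic nature, so that it can resist attacks such as collusion. Theoretical analysis shows that system security is enhanced. Simulation experiments show that the threshold scheme improves the efficiency of node identification and the accuracy of authentication; the running efficiency of the threshold RSA and threshold DSA schemes is also compared.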

10.
Detecting botnet behaviors in networks is a popular topic in the current research literature. The problem of detecting P2P botnets has been regarded as one of the most difficult, and this is even more so when botnets use existing P2P network infrastructure (parasite P2P botnets). The majority of the detection proposals available at present are based on monitoring network traffic to determine the potential existence of command-and-control (C&C) communications between the bots and the botmaster. As a different and novel approach, this paper introduces a detection scheme based on modeling the evolution over time of the number of peers sharing a resource in a P2P network. This allows the detection of abnormal behaviors associated with parasite P2P botnet resources in this kind of environment. We perform extensive experiments on the Mainline network, from which promising detection results are obtained while patterns of parasite botnets are tentatively discovered.

11.
The Sybil attack is one of the most challenging problems that plague current decentralized Peer-to-Peer (P2P) systems. In a Sybil attack, a single malicious user creates multiple peer identities known as sybils. These sybils are employed to target honest peers and hence subvert the system. In this paper, we describe a novel solution that enables all honest peers to protect themselves from sybils with high probability in large structured P2P systems. In our proposed sybil defense system, we associate every peer with another non-sybil peer known as SyMon. A given peer’s SyMon is chosen dynamically such that the chances of both of them being sybils are very low. The chosen SyMon is entrusted with the responsibility of moderating the transactions involving the given peer and hence makes it almost impossible for sybils to compromise the system. We show the effectiveness of our proposed system in defending against the Sybil attack both analytically and experimentally. In addition to this, we explore the feasibility of our proposed solution in two P2P applications: reputation systems for P2P-based file sharing applications and P2P applications susceptible to Denial-of-Service (DoS) attacks, systems known to be highly vulnerable to the Sybil attack. In each of our case studies, we discuss possible ways in which our solution can be employed to defend the system against the Sybil attack.

12.
李绍静  苏万力 《计算机科学》2013,40(2):129-132,144
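To reduce the transaction risk of P2P file sharing, raise the transaction success rate and promote the healthy, sustained development of the network, a reputation model based on grouping nodes by interest is constructed, together with a corresponding node reputation calculation method, file-sharing process and access control policy. The model borrows ideas from human communities and exploits the tendency of nodes to cluster by interest. It avoids the limitations of existing global and local trust models by dividing nodes into interest groups according to the type of resource they need, with the aim of improving the resource location rate and transaction success rate and strengthening network security. Simulation and analysis show that the model is correct and feasible, that it improves considerably on existing trust models in aspects such as completeness and security, and that it meets the intended design goals.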

13.
王晓箴  刘宝旭  潘林 《计算机工程》2010,36(21):17-18,21
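According to how it is implanted, basic input/output system (BIOS) malicious code is divided into three classes: Industry Standard Architecture, Advanced Configuration and Power Interface, and Peripheral Component Interconnect module malicious code, and the implementation process of each is studied. On this basis, a BIOS malicious code detection system is designed, comprising sampling, module decomposition, decompression and malicious code analysis modules. Application results show that the system can detect malicious code implanted in BIOS image files and can effectively enhance BIOS security.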

14.
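In response to the current trend of botnets moving toward P2P, and based on an understanding of the essence of P2P botnets, a novel P2P botnet detection technique is proposed. For a monitored network, it looks at the communication behavior and malicious network activity of every host inside it. These communication behaviors and malicious activities are classified to find hosts with similar or correlated communication and malicious network behavior. According to our understanding of the definition, these hosts belong to a P2P botnet.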

15.
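Peer-to-peer (P2P) technology is widely used in information sharing. This paper analyzes the characteristics of P2P technology: it gives an overview of P2P systems and their scalability, proposes a model of a P2P distributed file transfer system, and then presents the C# implementation of a file-sharing system based on a static configuration model, analyzing the structure of the program and discussing its key implementation code and communication mechanism.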

16.
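A Trust Evaluation Model for P2P Systems Based on Probabilistic and Statistical Methods   Total citations: 4, self-citations: 0, citations by others: 4
Existing trust evaluation models for P2P systems face two kinds of attack by malicious nodes: strategic deception and dishonest recommendation. These seriously affect the accuracy and effectiveness with which the models compute node trust evaluations. To address the shortcomings of existing models, a trust evaluation model based on probabilistic and statistical methods is proposed. The model borrows the concept of subjective trust relationships from human society. Drawing on direct experience and feedback information, it uses probabilistic and statistical methods to compute a node's direct trust and recommended trust separately, and it improves the effectiveness of trust evaluation by distinguishing the importance of direct experiences and the credibility of feedback information and of its recommenders. Analysis of simulation experiments shows that, compared with existing trust evaluation models, the model more effectively suppresses the threats of strategic deception and dishonest recommendation, in particular attacks on the system by complex collaborative cheating.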

17.
Network coding has been demonstrated to be able to improve the performance of P2P content distribution. However, it is vulnerable to pollution attacks where malicious peers can flood the network with corrupted blocks easily, leading to substantial performance degradation. Moreover, existing corruption detection schemes for network coding are not well suited to P2P systems. An effective scheme to detect the corruption and identify the attacker is required to thwart such attacks. In this paper, we propose an efficient ECC-based mechanism for securing network coding-based P2P content distribution, namely ESNC, which includes an efficient network coding signature scheme and an identity-based malicious peer identification scheme. The two schemes cooperate to thwart pollution attacks on network coding effectively in P2P networks, not only detecting corrupted blocks on-the-fly efficiently, but also precisely identifying all the malicious peers quickly. ESNC is mainly based on elliptic curve cryptography (ECC) and can provide a high level of security. It incurs significantly less computation and communication overhead than other comparable state-of-the-art schemes for P2P systems. ESNC can work with arbitrary topologies, as is the case in P2P networks. Security analysis demonstrates that ESNC can resist hash collision attacks, signature forgery attacks, and collusion attacks with an arbitrary number of colluding malicious peers. Simulation results show that ESNC effectively limits the corruption spread and identifies all the malicious peers in a short time under different practical settings.

18.
陈珊珊 《计算机应用》2013,33(6):1612-1614
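To address security problems inside P2P networks, a model for P2P networks based on direct transaction trust and recommendation trust is proposed. It uses direct transaction information parameters, the evaluation credibility of recommendation information and a dynamic balancing weight parameter to describe a node's overall trust value fairly simply and accurately. A trust relationship is established with the target node before a transaction takes place, which effectively suppresses malicious transactions and evaluation fraud by malicious nodes against other nodes in the network and improves the security of network transactions.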

19.
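A Node Reputation Management Mechanism for Secure Structured Peer-to-Peer Networks   Total citations: 1, self-citations: 0, citations by others: 1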
覃德泽 《计算机工程》2011,37(15):119-121
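A node reputation management mechanism for secure structured peer-to-peer networks is proposed. Reputation information is kept in global storage, and file reputation is combined with node reputation to prevent malicious nodes from posing as friendly nodes by modifying their identifiers. The basic operations of a file-sharing system are analyzed. Simulation experiments carried out under a variety of node behaviors demonstrate the effectiveness of the reputation management mechanism.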

20.
许晓东  程建国  朱士瑞 《计算机应用》2011,31(12):3343-3345
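The continual improvement of botnet structures poses a great threat to network security, so studying the inherent properties of the structure itself in depth is especially important for resisting this kind of attack. Unstructured P2P botnets are simulated from the perspective of complex networks, and their robustness in the face of node failure is analyzed by defining metrics and applying network centralization indices. Experimental results show that unstructured P2P botnets are fairly robust to random node failures, while their robustness drops rapidly when highly central nodes fail.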
