7.6 P2P Worm Propagation
Worm propagation over a P2P network is considered a highly damaging
threat [Xie and Zhu, 2007]. The reason is that worms spread over a P2P
network topologically: once a peer is compromised by a worm, its routing
table information can be exploited to specifically target active
neighboring peers, without relying on the “traditional” scanning approach.
Xie and Zhu [Xie and Zhu, 2007] proposed a heuristic method to combat worm
propagation in a P2P network. First, they proposed to proactively select a
set of immune peers for blocking the worm. The selection can be based on
different schemes. Xie and Zhu considered a partition-based scheme in which
the immune peers are chosen so that they partition the overlay graph into
many nearly balanced sub-graphs. The immune peers in each sub-graph are
responsible for blocking the worm in their own regions. They also considered
a Connected Dominating Set (CDS)-based approach in which a security patch is
sent to a set of uninfected peers. This set of peers forms a dominating set
in that every peer not in the set is adjacent to at least one peer in the
set. A crux in these two schemes is that some “security servers,” external
to the P2P network, have to carry out the selection task and the security
patch delivery.
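The dominating-set property described above can be made concrete with an added example, which is not code from Xie and Zhu or from this text: a generic greedy heuristic picks a connected dominating set of peers to patch, and two helpers check the result. The overlay graph, its edges and all function names are constructed for illustration.

```python
# Added example: greedy Connected Dominating Set (CDS) selection on a
# constructed overlay graph. Generic heuristic, not Xie and Zhu's algorithm.

def greedy_cds(adj):
    """Return a CDS of a connected graph; adj maps peer -> set of neighbors."""
    start = max(sorted(adj), key=lambda p: len(adj[p]))  # highest degree first
    cds = {start}
    covered = {start} | adj[start]      # peers in the set or adjacent to it
    while len(covered) < len(adj):
        # Candidates are covered peers outside the set, so the set stays connected.
        frontier = sorted(covered - cds)
        best = max(frontier, key=lambda p: len(adj[p] - covered))
        if not adj[best] - covered:
            raise ValueError("overlay graph is not connected")
        cds.add(best)
        covered |= adj[best]
    return cds


def is_dominating(adj, chosen):
    """Every peer outside `chosen` has at least one neighbor in `chosen`."""
    return all(p in chosen or bool(adj[p] & chosen) for p in adj)


def is_connected(adj, chosen):
    """The subgraph induced by `chosen` is connected."""
    chosen = set(chosen)
    seen, stack = set(), [next(iter(chosen))]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend((adj[p] & chosen) - seen)
    return seen == chosen


# Constructed 10-peer overlay (edges are illustrative, not from the page).
EDGES = [("a", "b"), ("a", "c"), ("a", "d"), ("c", "d"), ("d", "e"),
         ("e", "f"), ("e", "g"), ("g", "h"), ("h", "i"), ("h", "j")]
OVERLAY = {}
for u, v in EDGES:
    OVERLAY.setdefault(u, set()).add(v)
    OVERLAY.setdefault(v, set()).add(u)

if __name__ == "__main__":
    patched = greedy_cds(OVERLAY)
    print(sorted(patched), is_dominating(OVERLAY, patched), is_connected(OVERLAY, patched))
```

Patching two well-connected peers alone (for instance `a` and `h` here) fails the domination check, which is why the selection has to consider the whole overlay graph.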
From another perspective, researchers have also considered using a P2P
network to combat an outbreak of Internet worms. For instance, Shakkottai
and Srikant [Shakkottai and Srikant, 2007] investigated the fundamentals of
worm propagation under active defense by a P2P network. They derived
order-of-magnitude expressions for quantities such as worm propagation
time, maximum number of infected hosts, and patching time. The expressions
are based on the following parameters:
• N: total number of hosts in the system;
• β: the maximum rate at which the worm can spread, known as the
virulence of the worm, expressed as the number of infections per unit
time;
• γ: the ratio of the maximum rate of patch propagation to the worm's
virulence;
• I_N: the number of infected hosts when the patch is released; and
• P_N: the number of dedicated patch servers.
For example, for a worm like Code-Red, the susceptible population is about
360,000 hosts and the number of infections per hour β = 1.8 [Staniford et al.,
2002].
Shakkottai and Srikant [Shakkottai and Srikant, 2007] showed that with
a fixed number of patch servers, the maximum number of infected hosts is