Peer-to-peer system-based active worm attacks: Modeling, analysis and defense. Wei Yu, Sriram Chellappan, Xun Wang, Dong Xuan. Computer Communications. 2016/3/13


1 Peer-to-peer system-based active worm attacks: Modeling, analysis and defense. Wei Yu, Sriram Chellappan, Xun Wang, Dong Xuan. Computer Communications 31 (2008). 2016/3/13

2 Outline
- Introduction
- Modeling P2P-based active worm attacks
- Analyzing P2P-based active worm attacks
- Defending against P2P-based active worm attacks
- Performance evaluation
- Final remarks

3 Introduction
- Active worms automatically propagate themselves and compromise hosts in the Internet.
- Traditional worms predominantly adopt the random-based scan approach to propagate.
- A more powerful worm attack strategy is the hit-list strategy, which collects a list of IP addresses prior to the attack to improve the success rate of infection.
- P2P systems can be a potential vehicle for the attacker.

4 Modeling P2P-based active worm attacks
- In general, there are two stages in an active worm attack: (1) scanning the network to select victim hosts; (2) infecting the victim after discovering its vulnerability.
- Pure Random Scan (PRS)
  - Only 24% of addresses in the Internet space are used.

5 Offline P2P-based hit-list scan (OPHLS)
- The attacker collects IP address information of the P2P system offline. We denote this as the hit-list of the attacker.
- After obtaining the hit-list, there are two phases in the attack model:
  - First, all newly infected hosts continuously attack the hit-list until all hosts in the hit-list have been scanned (called the P2P system attack phase).
  - In the second phase, all infected hosts continue to attack the Internet via PRS.
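To show how little reaction time the hit-list phase leaves a defender compared with PRS, here is a simplified expected-value model of the two attack models described so far. It is an added example, not the paper's recursive formulas; every parameter value and function name is an assumption made for the illustration.

```python
import math

# Constructed parameters for this added illustration (none come from the paper).
ADDRESS_SPACE = 2 ** 32       # addresses a pure random scan (PRS) draws from
SCAN_RATE = 50                # scans per infected host per time step
P2P_HOSTS = 100_000           # m: P2P system size, also the hit-list length
P2P_VULNERABLE_FRAC = 0.5     # share of P2P hosts that are vulnerable
OTHER_VULNERABLE = 400_000    # vulnerable hosts outside the P2P system
VULNERABLE_TOTAL = OTHER_VULNERABLE + P2P_HOSTS * P2P_VULNERABLE_FRAC


def prs_step(infected):
    """Expected infected count after one step of pure random scanning."""
    scans = SCAN_RATE * infected
    # Probability that a given susceptible host is hit by at least one scan.
    p_hit = -math.expm1(scans * math.log1p(-1.0 / ADDRESS_SPACE))
    return infected + (VULNERABLE_TOTAL - infected) * p_hit


def simulate(model, steps):
    """Expected infection curve for model 'PRS' or 'OPHLS'."""
    infected, unscanned = 1.0, float(P2P_HOSTS)
    curve = [infected]
    for _ in range(steps):
        if model == "OPHLS" and unscanned > 0:
            # Phase 1: all scans go to hit-list entries not yet scanned.
            probed = min(unscanned, SCAN_RATE * infected)
            unscanned -= probed
            infected += probed * P2P_VULNERABLE_FRAC
        else:
            # PRS model, or OPHLS phase 2 once the hit-list is exhausted.
            infected = prs_step(infected)
        curve.append(infected)
    return curve


def steps_to_fraction(curve, fraction):
    """First step at which the infected share reaches `fraction`, else None."""
    for step, infected in enumerate(curve):
        if infected >= fraction * VULNERABLE_TOTAL:
            return step
    return None


if __name__ == "__main__":
    for model in ("PRS", "OPHLS"):
        curve = simulate(model, 4000)
        print(model, "steps to 10% / 50% infected:",
              steps_to_fraction(curve, 0.10), steps_to_fraction(curve, 0.50))
```

With these constructed values the hit-list is exhausted within a handful of steps, which is the window a detection scheme has before the P2P population is already compromised.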

6 Online P2P-based scan (OPS)
- The host immediately launches the attack on its P2P neighbors as a high priority (using 60% of its attack capability), and attacks the rest of the Internet with its remaining capability (40%) via PRS.
- Note that there are two types of P2P systems: structured and unstructured.
  - In the OPHLS model, it is the same in both types of systems, since the attacker predetermines the hit-list before attacks.
  - In the OPS model, the number of neighbors is quite different.

7 Model parameters
(1) P2P system size:
  - A Super-P2P system.
  - The size is the total number of users, denoted as m. The remaining hosts are a part of the Non-P2P system.
(2) P2P structured/unstructured topology:
  - Structured: all P2P nodes maintain a similar number of neighbors (average topology degree is ).
  - Unstructured: is the mean value of topology degree, is a constant for a given, and denotes the power law degree.


10 Analyzing P2P-based active worm attacks
In the OPHLS attack model, Recursive formulas:

11 Analyzing P2P-based active worm attacks
In the OPS attack model,

12 Defending against P2P-based active worm attacks
Defense framework:
- Control center: it can be a system-deployed node, or a stable P2P node itself.
- A number of volunteer defense hosts: worm detection and response.
- Threshold-based and trend-based worm detection schemes.
- Threshold-based scheme: simple and easy to apply, but high false alarm rates.
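The contrast between the two detection schemes named on this slide, as an added example that is not taken from the paper or the slides. The slides do not define either scheme, so the trend rule used here (sustained multiplicative growth over consecutive intervals), the parameter values and both count series are assumptions constructed for the illustration.

```python
# Constructed per-interval counts of suspicious inbound connection attempts
# seen by one defense host (sample data, not measurements).
BENIGN_BURST = [3, 4, 2, 5, 3, 60, 4, 3, 5, 2, 4, 3]           # one noisy spike
WORM_GROWTH = [3, 4, 5, 7, 10, 14, 20, 28, 40, 56, 80, 112]    # steady growth


def threshold_alarm(counts, threshold):
    """Index of the first interval whose count exceeds `threshold`, else None."""
    for t, count in enumerate(counts):
        if count > threshold:
            return t
    return None


def trend_alarm(counts, window=4, min_growth=1.2, floor=5):
    """Index of the interval completing `window` consecutive growth steps.

    A growth step means the previous count was at least `floor` (ignore
    background noise) and the current count is >= min_growth * previous.
    Returns None if no such run exists.
    """
    run = 0
    for t in range(1, len(counts)):
        prev, cur = counts[t - 1], counts[t]
        if prev >= floor and cur >= prev * min_growth:
            run += 1
        else:
            run = 0  # a single flat or falling interval resets the trend
        if run >= window:
            return t
    return None


def compare(threshold):
    """Alarm interval of each scheme on both constructed series."""
    return {
        "threshold_on_benign": threshold_alarm(BENIGN_BURST, threshold),
        "threshold_on_worm": threshold_alarm(WORM_GROWTH, threshold),
        "trend_on_benign": trend_alarm(BENIGN_BURST),
        "trend_on_worm": trend_alarm(WORM_GROWTH),
    }


if __name__ == "__main__":
    for threshold in (40, 12):
        print("threshold =", threshold, compare(threshold))
```

At either threshold the single benign spike raises a false alarm, and lowering the threshold to catch the worm sooner does not remove it; the trend rule stays silent on the spike and fires on the growth series at interval 6.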

13 Performance evaluation
- SYS:
- ATT:, where OPSS & OPUS: the Online P2P-based scan attack model for the structured and unstructured P2P system.
- DE:, where WB: denotes results obtained using simulations for the which one attack model. D: Trend-based detection (D1), Threshold-based detection (D2)

14 Worm Attack Performance Comparison of All Attack Models

15 The Sensitivity of Attack Performance to P2P System Size

16 The Sensitivity of Attack Performance to P2P Topology Degree (figure legend: OPSS(degree #))

17 The Sensitivity of Attack Performance to P2P Host Vulnerability

18 The Sensitivity of Defense Performance to Different Attack Models

19 Sensitivity of Detection Time to Defense Host Ratio

20 Sensitivity of Detection Time to Defense Region Size
The defense region size g denotes a region with a group of P2P defense hosts within g P2P hops from the region leader.

21 Region False Alarm Rate vs. Host False Alarm Rate

22 Final remarks
- P2P systems are gaining rapid popularity in the Internet.
- We believe that P2P-based active worm attacks are very dangerous threats for rapid worm propagation and infection.
- Model and analyze P2P-based active worm propagation.
- Design effective defense strategies against them.
- An offline P2P-based hit-list attack model (OPHLS) and an online P2P-based attack model (OPS).

