Modeling and Defending against Adaptive BitTorrent Worms in Peer-to-Peer Networks

Authors:
Jiaqing Luo;Bin Xiao;Qingjun Xiao;Jiannong Cao;Minyi Guo
Affiliations:
University of Electronic Science and Technology of China;Hong Kong Polytechnic University;Hong Kong Polytechnic University;Hong Kong Polytechnic University;Shanghai Jiao Tong University
Venue:
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Year:
2014

Citing 9
Cited 0

Epidemic profiles and defense of scale-free networks

Proceedings of the 2003 ACM workshop on Rapid malcode
Modeling and performance analysis of BitTorrent-like peer-to-peer networks

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Self-stopping worms

Proceedings of the 2005 ACM workshop on Rapid malcode
Simulating non-scanning worms on peer-to-peer networks

InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Measurements, analysis, and modeling of BitTorrent-like systems

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
di-jest: Autonomic neighbour management for worm resilience in p2p systems

WOWMOM '08 Proceedings of the 2008 International Symposium on a World of Wireless, Mobile and Multimedia Networks
Modeling and analysis of self-stopping BTWorms using dynamic hit list in P2P networks

IPDPS '09 Proceedings of the 2009 IEEE International Symposium on Parallel&Distributed Processing
Modeling malware propagation in gnutella type peer-to-peer networks

IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
A first look at peer-to-peer worms: threats and defenses

IPTPS'05 Proceedings of the 4th international conference on Peer-to-Peer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

BitTorrent (BT) is one of the most common Peer-to-Peer (P2P) file sharing protocols. Rather than downloading a file from a single source, the protocol allows users to join a swarm of peers to download and upload from each other simultaneously. Worms exploiting information from BT servers or trackers can cause serious damage to participating peers, which unfortunately has been neglected previously. In this article, we first present a new worm, called Adaptive BitTorrent worm (A-BT worm), which finds new victims and propagates sending forged requests to trackers. To reduce its abnormal behavior, the worm estimates the ratio of infected peers and adaptively adjusts its propagation speed. We then build a hybrid model to precisely characterize the propagation behavior of the worm. We also propose a statistical method to automatically detect the worm from the tracker by estimating the variance of the time intervals of requests. To slow down the worm propagation, we design a safe strategy in which the tracker returns secured peers when receives a request. Finally, we evaluate the accuracy of the hybrid model, and the effectiveness of our detection method and containment strategy through simulations.