Epidemic profiles and defense of scale-free networks
Proceedings of the 2003 ACM workshop on Rapid malcode
Modeling and performance analysis of BitTorrent-like peer-to-peer networks
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2005 ACM workshop on Rapid malcode
Simulating non-scanning worms on peer-to-peer networks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Measurements, analysis, and modeling of BitTorrent-like systems
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
di-jest: Autonomic neighbour management for worm resilience in p2p systems
WOWMOM '08 Proceedings of the 2008 International Symposium on a World of Wireless, Mobile and Multimedia Networks
Modeling and analysis of self-stopping BTWorms using dynamic hit list in P2P networks
IPDPS '09 Proceedings of the 2009 IEEE International Symposium on Parallel&Distributed Processing
Modeling malware propagation in gnutella type peer-to-peer networks
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
A first look at peer-to-peer worms: threats and defenses
IPTPS'05 Proceedings of the 4th international conference on Peer-to-Peer Systems
Hi-index | 0.00 |
BitTorrent (BT) is one of the most common Peer-to-Peer (P2P) file sharing protocols. Rather than downloading a file from a single source, the protocol allows users to join a swarm of peers to download and upload from each other simultaneously. Worms exploiting information from BT servers or trackers can cause serious damage to participating peers, which unfortunately has been neglected previously. In this article, we first present a new worm, called Adaptive BitTorrent worm (A-BT worm), which finds new victims and propagates sending forged requests to trackers. To reduce its abnormal behavior, the worm estimates the ratio of infected peers and adaptively adjusts its propagation speed. We then build a hybrid model to precisely characterize the propagation behavior of the worm. We also propose a statistical method to automatically detect the worm from the tracker by estimating the variance of the time intervals of requests. To slow down the worm propagation, we design a safe strategy in which the tracker returns secured peers when receives a request. Finally, we evaluate the accuracy of the hybrid model, and the effectiveness of our detection method and containment strategy through simulations.