Millions of Internet users are using large-scale peer-to-peer (P2P) networks to share content files today. Many other mission-critical applications, such as Internet telephony and the Domain Name System (DNS), have also found P2P networks appealing due to their scalability and reliability properties. These P2P networks, however, could be leveraged by automatically propagating Internet worms to quickly infect a large vulnerable population and inflict tremendous damage on information infrastructure and end systems.

While much work has been done to study random-scanning worms, such as CodeRed and Slammer, we have less understanding of non-scanning worms that are potentially stealthy. In this paper, we identify three strategies a non-scanning worm could use to propagate through P2P systems. To understand their behaviors, we provide a workload-driven simulation framework to characterize these worms and identify the parameters influencing their propagation. The non-scanning nature allows P2P worms to evade many of today's detection methods aimed at random-scanning worms. We propose and evaluate an online detection algorithm against these P2P worms using statistical detection of change-points in streaming sensor data.