Peer-to-peer system-based active worm attacks: Modeling, analysis and defense

0140-3664/$ see front matter 2008 Elsevier B.V. A doi:10.1016/j.comcom.2008.08.008 * Corresponding author. Tel.: +1 214 208 5951. E-mail addresses: [email protected] (W. Yu), ch pan), [email protected] (X. Wang), xuan@cs Active worms continue to pose major threats to the security of today’s Internet. This is due to the ability of active worms to automatically propagate themselves and compromise hosts in the Internet. Due to the recent surge of peer-to-peer (P2P) systems with large numbers of users and rich connectivity, P2P systems can be a potential vehicle for the attacker to achieve rapid worm propagation in the Internet. In this paper, we tackle this issue by modeling and analyzing active worm propagation on top of P2P systems, and designing effective defense strategies within P2P systems to suppress worm propagation. In particular: (1) we define two P2P-based active worm attack models: an offline P2P-based hit-list attack model and an online P2P-based attack model; (2) we conduct a detailed analysis on the impacts of worm propagation on top of P2P-based systems, and study the sensitivity of worm propagation to various P2P system and attack-related parameters; (3) finally, we propose defense strategies within the P2P system to combat worms. Based on extensive numerical analysis and simulation data, we demonstrate that P2Pbased active worm attacks can significantly enhance worm propagation, and important P2P related parameters (system size, topology degree, host vulnerability, etc.) have significant impacts on worm spread. We also find that our proposed defense strategies can effectively combat worms by rapidly detecting and immunizing infected hosts. 2008 Elsevier B.V. All rights reserved.