Phagocytes: A Holistic Defense and Protection Against Active P2P Worms

Active Peer-to-Peer (P2P) worms present serious threats to the global Internet by exploiting popular P2P applications to perform rapid topological self-propagation. Active P2P worms pose more deadly threats than normal scanning worms because they do not exhibit easily detectable anomalies, thus many existing defenses are no longer effective. We propose an immunity system with Phagocytes — a small subset of elected P2P hosts that are immune with high probability and specialized in finding and “eating” worms in the P2P overlay. The Phagocytes will monitor their managed P2P hosts’ connection patterns and traffic volume in an attempt to detect active P2P worm attacks. Once detected, local isolation, alert propagation and software patching will take place for containment. The Phagocytes further provide the access control and filtering mechanisms for communication establishment between the internal P2P overlay and the external hosts. We design a novel adaptive and interaction-based computational puzzle scheme at the Phagocytes to restrain external worms attacking the P2P overlay, without influencing legitimate hosts’ experiences significantly. We implement a prototype system, and evaluate its performance based on realistic massive-scale P2P network traces. The evaluation results illustrate that our Phagocytes are capable of achieving a total defense against