Passive worms can passively propagate through embedding themselves into some sharing files, which can result in significant damage to unstructured P2P networks. To study the passive worm behaviors, this paper firstly ...Passive worms can passively propagate through embedding themselves into some sharing files, which can result in significant damage to unstructured P2P networks. To study the passive worm behaviors, this paper firstly analyzes and obtains the average delay for all peers in the whole transmitting process due to the limitation of network throughput, and then proposes a mathematical model for the propagation of passive worms over the unstructured P2P networks. The model mainly takes the effect of the network throughput into account, and applies a new healthy files dissemination-based defense strategy according to the file popularity which follows the Zipf distribution. The simulation results show that the propagation of passive worms is mainly governed by the number of hops, initially infected files and uninfected files. The larger the number of hops, the more rapidly the passive worms propagate. If the number of the initially infected files is increased by the attackers, the propagation speed of passive worms increases obviously. A larger size of the uninfected file results in a better attack performance. However, the number of files generated by passive worms is not an important factor governing the propagation of passive worms. The effectiveness of healthy files dissemination strategy is verified. This model can provide a guideline in the control of unstructured P2P networks as well as passive worm defense.展开更多
Nowadays, the main communication object of Internet is human-human. But it is foreseeable that in the near future any object will have a unique identification and can be addressed and con- nected. The Internet will ex...Nowadays, the main communication object of Internet is human-human. But it is foreseeable that in the near future any object will have a unique identification and can be addressed and con- nected. The Internet will expand to the Internet of Things. IPv6 is the cornerstone of the Internet of Things. In this paper, we investigate a fast active worm, referred to as topological worm, which can propagate twice to more than three times faster tl^an a traditional scan-based worm. Topological worm spreads over AS-level network topology, making traditional epidemic models invalid for modeling the propagation of it. For this reason, we study topological worm propagation relying on simulations. First, we propose a new complex weighted network mod- el, which represents the real IPv6 AS-level network topology. And then, a new worm propagation model based on the weighted network model is constructed, which descries the topological worm propagation over AS-level network topology. The simulation results verify the topological worm model and demonstrate the effect of parameters on the propagation.展开更多
In order to take precaution and cure against intemet of vehicles (IOV) worm propagation in expressway, the IOV worm propagation and its corresponding anti-worm strategy were studied in expressway interchange termina...In order to take precaution and cure against intemet of vehicles (IOV) worm propagation in expressway, the IOV worm propagation and its corresponding anti-worm strategy were studied in expressway interchange terminal. According to omnirange driving in expressway interchange terminal and vehicular mobile communication environment, an IOV worm propagation model is constructed; and then according to the dynamic propagation law and destructiveness of IOV worm in this environment, a novel hybrid anti-worm strategy for confrontation is designed. This worm propagation model can factually simulates the IOV worm propagation in this interchange terminal environment; and this hybrid anti-worm strategy can effectively control IOV worm propagation in the environment, moreover, it can reduce the influence on network resource overhead.展开更多
This paper analyzes the characteristics of the Peer-to-Peer (P2P) active worm and its attacking mechanism, and then proposes a mathematical model of propagation of the P2P active worm applying Epidemiology. Based on...This paper analyzes the characteristics of the Peer-to-Peer (P2P) active worm and its attacking mechanism, and then proposes a mathematical model of propagation of the P2P active worm applying Epidemiology. Based on the analysis on the protocols of realistic P2P systems, a software which can be used to simulate the P2P network environment and the propagation of P2P active worm is imple- mented in this paper. A large number of simulation experiments are performed using the developed simulation software. The results from these simulation experiments validate the proposed model, which means that the model can be used to analyze the spreading behaviors of the P2P active worm and predict its trend.展开更多
Active worms can cause widespread damages at so high a speed that effectively precludes human-directed reaction, and patches for the worms are always available after the damages have been caused, which has elevated th...Active worms can cause widespread damages at so high a speed that effectively precludes human-directed reaction, and patches for the worms are always available after the damages have been caused, which has elevated them self to a first-class security threat to Metropolitan Area Networks (MAN). Multi-agent system for Worm Detection and Containment in MAN (MWDCM) is presented to provide a first-class automatic reaction mechanism that automatically applies containment strategies to block the propagation of the worms and to protect MAN against worm scan that wastes a lot of network bandwidth and crashes the routers. Its user agent is used to detect the known worms. Worm detection agent and worm detection correlation agent use two-stage based decision method to detect unknown worms. They adaptively study the accessing in the whole network and dynamically change the working parameters to detect the unknown worms. MWDCM confines worm infection within a macro-cell or a micro-cell of the metropolitan area networks, the rest of the accesses and hosts continue functioning without disruption. MWDCM integrates Worm Detection System (WDS) and network management system. Reaction measures can be taken by using Simple Network Management Protocol (SNMP) interface to control broadband access server as soon as the WDS detect the active worm. MWDCM is very effective in blocking random scanning worms. Simulation results indicate that high worm infection rate of epidemics can be avoided to a degree by MWDCM blocking the propagation of the worms.展开更多
基金National Natural Science Foundation of China (No.60633020 and No. 90204012)Natural Science Foundation of Hebei Province (No. F2006000177)
文摘Passive worms can passively propagate through embedding themselves into some sharing files, which can result in significant damage to unstructured P2P networks. To study the passive worm behaviors, this paper firstly analyzes and obtains the average delay for all peers in the whole transmitting process due to the limitation of network throughput, and then proposes a mathematical model for the propagation of passive worms over the unstructured P2P networks. The model mainly takes the effect of the network throughput into account, and applies a new healthy files dissemination-based defense strategy according to the file popularity which follows the Zipf distribution. The simulation results show that the propagation of passive worms is mainly governed by the number of hops, initially infected files and uninfected files. The larger the number of hops, the more rapidly the passive worms propagate. If the number of the initially infected files is increased by the attackers, the propagation speed of passive worms increases obviously. A larger size of the uninfected file results in a better attack performance. However, the number of files generated by passive worms is not an important factor governing the propagation of passive worms. The effectiveness of healthy files dissemination strategy is verified. This model can provide a guideline in the control of unstructured P2P networks as well as passive worm defense.
基金supported by the Ministry of Education Research Project for Returned Talents after Studying Abroadthe Ministry of Education Project of Science and Technology Basic Resource Data Platform(No.507001)+1 种基金International Scientific and Technological Cooperation Program(S2010GR0902)Chinese Universities Scientific Fund(2009RC0502)
文摘Nowadays, the main communication object of Internet is human-human. But it is foreseeable that in the near future any object will have a unique identification and can be addressed and con- nected. The Internet will expand to the Internet of Things. IPv6 is the cornerstone of the Internet of Things. In this paper, we investigate a fast active worm, referred to as topological worm, which can propagate twice to more than three times faster tl^an a traditional scan-based worm. Topological worm spreads over AS-level network topology, making traditional epidemic models invalid for modeling the propagation of it. For this reason, we study topological worm propagation relying on simulations. First, we propose a new complex weighted network mod- el, which represents the real IPv6 AS-level network topology. And then, a new worm propagation model based on the weighted network model is constructed, which descries the topological worm propagation over AS-level network topology. The simulation results verify the topological worm model and demonstrate the effect of parameters on the propagation.
基金Project(61005008) supported by the National Natural Science Foundation of ChinaProject(JI300D004) supported by the COSTIND Application Foundation of China
文摘In order to take precaution and cure against intemet of vehicles (IOV) worm propagation in expressway, the IOV worm propagation and its corresponding anti-worm strategy were studied in expressway interchange terminal. According to omnirange driving in expressway interchange terminal and vehicular mobile communication environment, an IOV worm propagation model is constructed; and then according to the dynamic propagation law and destructiveness of IOV worm in this environment, a novel hybrid anti-worm strategy for confrontation is designed. This worm propagation model can factually simulates the IOV worm propagation in this interchange terminal environment; and this hybrid anti-worm strategy can effectively control IOV worm propagation in the environment, moreover, it can reduce the influence on network resource overhead.
文摘This paper analyzes the characteristics of the Peer-to-Peer (P2P) active worm and its attacking mechanism, and then proposes a mathematical model of propagation of the P2P active worm applying Epidemiology. Based on the analysis on the protocols of realistic P2P systems, a software which can be used to simulate the P2P network environment and the propagation of P2P active worm is imple- mented in this paper. A large number of simulation experiments are performed using the developed simulation software. The results from these simulation experiments validate the proposed model, which means that the model can be used to analyze the spreading behaviors of the P2P active worm and predict its trend.
基金Partially supported by the Teaching and Research Award for Outstanding Young Teachers in High Education Institutions of MOE, China (No.200065).
文摘Active worms can cause widespread damages at so high a speed that effectively precludes human-directed reaction, and patches for the worms are always available after the damages have been caused, which has elevated them self to a first-class security threat to Metropolitan Area Networks (MAN). Multi-agent system for Worm Detection and Containment in MAN (MWDCM) is presented to provide a first-class automatic reaction mechanism that automatically applies containment strategies to block the propagation of the worms and to protect MAN against worm scan that wastes a lot of network bandwidth and crashes the routers. Its user agent is used to detect the known worms. Worm detection agent and worm detection correlation agent use two-stage based decision method to detect unknown worms. They adaptively study the accessing in the whole network and dynamically change the working parameters to detect the unknown worms. MWDCM confines worm infection within a macro-cell or a micro-cell of the metropolitan area networks, the rest of the accesses and hosts continue functioning without disruption. MWDCM integrates Worm Detection System (WDS) and network management system. Reaction measures can be taken by using Simple Network Management Protocol (SNMP) interface to control broadband access server as soon as the WDS detect the active worm. MWDCM is very effective in blocking random scanning worms. Simulation results indicate that high worm infection rate of epidemics can be avoided to a degree by MWDCM blocking the propagation of the worms.
