Funding: National Natural Science Foundation of China (No. 61379125); Program for Basic Research of Shanxi Province (No. 2012011015-3); Higher School of Science and Technology Innovation Project of Shanxi Province (No. 2013148)
Abstract: Peer-to-Peer (P2P) botnet has emerged as one of the most serious threats to Internet security. To effectively eliminate P2P botnet, a delayed SEIR model is proposed, which can portray the formation process of P2P botnet. Then, the local stability at equilibria is carefully analyzed by considering the eigenvalues' distributed ranges of characteristic equations. Both mathematical analysis and numerical simulations show that the dynamical features of the proposed model rely on the basic reproduction number and time delay r. The results can help us to better understand the propagation behaviors of P2P botnet and design effective counter-botnet methods.
Funding: This work was supported by the Ministry of Higher Education Malaysia's Fundamental Research Grant Scheme under Grant FRGS/1/2021/ICT07/USM/03/1.
Abstract: The cyber-criminal compromises end-hosts (bots) to configure a network of bots (botnet). The cyber-criminals are also looking for an evolved architecture that makes their techniques more resilient and stealthier, such as Peer-to-Peer (P2P) networks. The P2P botnets leverage the privileges of the decentralized nature of P2P networks. Consequently, the P2P botnets exploit the resilience of this architecture to be arduous against take-down procedures. Some P2P botnets are smarter to be stealthy in their Command-and-Control mechanisms (C2) and elude the standard discovery mechanisms. Therefore, the other side of this cyberwar is the monitor. The P2P botnet monitoring is an exacting mission because the monitoring must care about many aspects simultaneously. Some aspects pertain to the existing monitoring approaches, some pertain to the nature of P2P networks, and some to counter the botnets, i.e., the anti-monitoring mechanisms. All these challenges should be considered in P2P botnet monitoring. To begin with, this paper provides an anatomy of P2P botnets. Thereafter, this paper exhaustively reviews the existing monitoring approaches of P2P botnets and thoroughly discusses each to reveal its advantages and disadvantages. In addition, this paper groups the monitoring approaches into three groups: passive, active, and hybrid monitoring approaches. Furthermore, this paper also discusses the functional and non-functional requirements of advanced monitoring. In conclusion, this paper ends by epitomizing the challenges of various aspects and gives future avenues for better monitoring of P2P botnets.
Funding: The National High Technology Research and Development Program of China (863 Program) (No. 2011AA7031024G); the National Natural Science Foundation of China (No. 61133011, 61373053, 61472161)
Abstract: In order to improve the accuracy of detecting the new P2P (peer-to-peer) botnet, a novel P2P botnet detection method based on the network behavior features and Dezert-Smarandache theory is proposed. It focuses on the network behavior features, which are the essential abnormal features of the P2P botnet and do not change with the network topology, the network protocol or the network attack type launched by the P2P botnet. First, the network behavior features are accurately described by the local singularity and the information entropy theory. Then, two detection results are acquired by using the Kalman filter to detect the anomalies of the above two features. Finally, the above two detection results are fused with the Dezert-Smarandache theory to obtain the final detection results. The experimental results demonstrate that the proposed method can effectively detect the new P2P botnet and that it considerably outperforms other methods at a lower degree of false negative rate and false positive rate, and the false negative rate and the false positive rate can reach 0.09 and 0.12, respectively.
Abstract: One of the key challenges in ad-hoc networks is the resource discovery problem. How efficiently and quickly the queried resource/object can be resolved in such a highly dynamic self-evolving network is the underlying question. Broadcasting is a basic technique in the Mobile Ad-hoc Networks (MANETs), and it refers to sending a packet from one node to every other node within the transmission range. Flooding is a type of broadcast where the received packet is retransmitted once by every node. The naive flooding technique floods the network with query messages, while the random walk scheme operates by contacting subsets of each node's neighbors at every step, thereby restricting the search space. Many earlier works have mainly focused on the simulation-based analysis of flooding technique, and its variants, in a wired network scenario. Although there have been some empirical studies in peer-to-peer (P2P) networks, the analytical results are still lacking, especially in the context of mobile P2P networks. In this article, we mathematically model different widely used existing search techniques, and compare with the proposed improved random walk method, a simple lightweight approach suitable for the non-DHT architecture. We provide analytical expressions to measure the performance of the different flooding-based search techniques, and our proposed technique. We analytically derive 3 relevant key performance measures, i.e., the avg. number of steps needed to find a resource, the probability of locating a resource, and the avg. number of messages generated during the entire search process.
Abstract: Applying ontology to describe resource metadata richly in the peer-to-peer environment has become a current research trend. In this semantic peer-to-peer environment, indexing semantic element of resource description to support efficient resource location is a difficult and challenging problem. This paper provided a hybrid indexing architecture, which combines local indexing and global indexing. It uses community strategy and semantic routing strategy to organize key layer metadata element and uses DHT (distributed hash table) to index extensional layer metadata element. Compared with related system, this approach is more efficient in resource location and more scalable.
Funding: Project supported by the National Natural Science Foundation of China (No. 60221120145) and Science & Technology Committee of Shanghai Municipality Key Project (No. 02DJ14045), China
Abstract: may incur significant bandwidth for executing more complicated search queries such as multiple-attribute queries. In order to reduce query overhead, KSS (keyword-set search) by Gnawali partitions the index by a set of keywords. However, a KSS index is considerably larger than a standard inverted index, since there are more word sets than there are individual words. And the insert overhead and storage overhead are obviously unacceptable for full-text search on a collection of documents even if KSS uses the distance window technology. In this paper, we extract the relationship information between query keywords from websites' query logs to improve performance of KSS system. Experimental results clearly demonstrated that the improved keyword-set search system based on keywords relationship (KRBKSS) is more efficient than KSS index in insert overhead and storage overhead, and a standard inverted index in terms of communication costs for query.
Abstract: Peer-to-peer (P2P) technology provides a cost-effective and scalable way to distribute video data. However, high heterogeneity of the P2P network, which arises not only from heterogeneous link capacity between peers but also from dynamic variation of available bandwidth, brings forward great challenge to video streaming. To attack this problem, an adaptive scheme based on rate-distortion optimization (RDO) is proposed in this paper. While low complexity RDO based frame dropping is exploited to shape bitrate into available bandwidth in peers, the streamed bitstream is dynamically switched among multiple available versions in an RDO way by the streaming server. Simulation results show that the proposed scheme based on RDO achieves great gain in overall perceived quality over simple heuristic schemes.
Funding: Supported by the National Natural Science Foundation of China (No. 60873203), the Natural Science Foundation of Hebei Province (No. F2008000646), and the Guidance Program of the Department of Science and Technology in Hebei Province (No. 072135192)
Abstract: Free riding has a great influence on the expandability, robustness and availability of Peer-to-Peer (P2P) network. Controlling free riding has become a hot research issue both in academic and industrial communities. An incentive scheme is proposed to overcome free riding in P2P network in this paper. According to the behavior and function of nodes, the P2P network is abstracted to be a Distributed and Monitoring-based Hierarchical Structure Mechanism (DMHSM) model. A utility function based on several influencing factors is defined to determine the contribution of peers to the whole system. This paper also introduces reputation and permit mechanism into the scheme to guarantee the Quality of Service (QoS) and to reward or punish peers in the network. Finally, the simulation results verify the effectiveness and feasibility of this model.
Funding: Supported by National High Technical Research and Development Program of China (863 Program) under Grant No. 2011AA7031024G and National Natural Science Foundation of China under Grant No. 90204014
Abstract: Towards the problems of existing detection methods, a novel real-time detection method (DMFIF) based on fractal and information fusion is proposed. It focuses on the intrinsic macroscopic characteristics of network, which reflect not the "unique" abnormalities of P2P botnets but the "common" abnormalities of them. It regards network traffic as the signal, and synthetically considers the macroscopic characteristics of network under different time scales with the fractal theory, including the self-similarity and the local singularity, which don't vary with the topology structures, the protocols and the attack types of P2P botnet. At first, it detects traffic abnormalities of the above characteristics with the nonparametric CUSUM algorithm, and achieves the final result by fusing the above detection results with the Dempster-Shafer evidence theory. Moreover, the side effect on detecting P2P botnet which web applications generated is considered. The experiments show that DMFIF can detect P2P botnet with a higher degree of precision.