Peer-to-peer system-based active worm attacks: Modeling, analysis and defense

Post on 13-Jan-2016

33 views 0 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

description

Peer-to-peer system-based active worm attacks: Modeling, analysis and defense. Wei Yu, Sriram Chellappan, Xun Wang, Dong Xuan. Computer Communications 31 (2008). Outlines. Introduction Modeling P2P-based active worm attacks Analyzing P2P-based active worm attacks - PowerPoint PPT Presentation

transcript

112/04/21 1

Peer-to-peer system-based active worm attacks: Modeling, analysis and defense

Wei Yu, Sriram Chellappan, Xun Wang, Dong Xuan

Computer Communications 31 (2008)

2112/04/21

Outlines

Introduction Modeling P2P-based active worm attacks Analyzing P2P-based active worm attacks Defending against P2P-based active worm attacks Performance evaluation Final remarks

Introduction

Automatically propagate themselves and compromise hosts in the Internet.

Traditional worms predominantly adopt the random-based scan approach to propagate.

A more powerful worm attack strategy is the hit-list strategy, which collects a list of IP addresses prior to the attack to improve success rate of infection.

P2P systems can be a potential vehicle for the attacker.

3112/04/21

Modeling P2P-based active worm attacks

In general, there are two stages in an active worm attack: (1) scanning the network to select victim hosts;

(2) infecting the victim after discovering its vulnerability.

Pure Random Scan (PRS) Only 24% of addresses in the Internet space are used.

4112/04/21

Offline P2P-based hit-list scan (OPHLS)

The attacker collects IP address information of the P2P system offline. We denote this as the hit-list of the attacker.

After obtaining the hit-list,, there are two phases of attack model:

First, all newly infected hosts continuously attack the hit-list until all hosts in the hit-list have been scanned (called the P2P system attack phase).

In the second phase, all infected hosts continue to attack the Internet via PRS.

5112/04/21

Online P2P-based scan (OPS)

The host immediately launches the attack on its P2P neighbors as a high priority (using 60% of its attack capability), and attack the rest of the Internet with its remaining capability (40%) via PRS.

Note that there are two types of P2P systems: structured and unstructured. In the OPHLS model, it is the same in both types of

systems, since the attacker predetermines the hit-list before attacks.

In the OPS model, the number of neighbors is quite different.

6112/04/21

Model parameters

(1) P2P system size: A Super-P2P system. The size is the total number of users, denoted as m. The

remaining hosts are a part of the Non-P2P system. (2) P2P structured/unstructured topology:

Structured: all P2P nodes maintain the similar number of neighbors (average topology degree is ).

Unstructured:

is the mean value of topology degree, is a constant for a given , and denotes the power law degree.

7112/04/21

8112/04/21

9112/04/21

Analyzing P2P-based active worm attacks

In the OPHLS attack model,

Recursive formulas:

10112/04/21

Analyzing P2P-based active worm attacks

In the OPS attack model,

11112/04/21

Defending against P2P-based active worm attacks Defense framework:

Control center: it can be a system deployed node, or a stable P2P node itself.

A number of volunteer defense hosts: worm detection and response.

Threshold-based and trend-based worm detection schemes.

Threshold-based scheme: simple and easy to apply,but high false alarm rates.

12112/04/21

Performance evaluation

<SYS; ATT; DE> SYS: ATT: , where

OPSS & OPUS: the Online P2P-based scan attack model for the structured and unstructured P2P system.

DE: , where

WB: denotes results obtained using simulations for the which one attack model.D: Trend-based detection (D1), Threshold-based detection(D2)

13112/04/21

Worm Attack Performance Comparision of All Attack Models

14112/04/21

The Sensitivity of Attack Performance to P2P System Size

15112/04/21

The Sensitivity of Attack Performance to P2P Topology Degree

16112/04/21

OPSS(degree #)

The Sensitivity of Attack Performance to P2P Host Vulnerability

17112/04/21

The Sensitivity of Defense Performance to Different Attack Models

18112/04/21

Sensitivity of Detection Time to Defense Host Ratio

19112/04/21

Sensitivity of Detection Time to Defense Region Size

20112/04/21

The defense region size g denotes a region with a group of P2P defense hosts within g P2P hops from the region leader.

Region False Alarm Rate vs. Host False Alarm Rate

21112/04/21

Final remarks

P2P systems are gaining rapid popularity in the Internet. We believe that P2P-based active worm attacks are very dangerous threats for rapid worm propagation and infection.

Model and analyze P2P-based active worm propagation.

Design effective defense strategies against them. An offline P2P-based hit-list attack model (OPHLS)

and an online P2P-based attack model (OPS).

22112/04/21

Top related

SCALABLE PROTECTION AGAINST DDOS AND WORM ATTACKS · (DDoS) and worm attacks. We advance new solutions aimed at providing scalable defenses against these potentially debilitating
Documents
CAP6135: Malware and Software Vulnerability Analysis The Next …czou/CAP6135-09/P2P-botnet.pdf · 2009-03-06 · Vulnerability Analysis The Next Generation Peer-to-Peer Botnet Attacks
Documents
Active Worms, Buffer Overflow Attacks, and BGP Attacksweb.cse.ohio-state.edu/~champion.17/4471/4471_threat_attack_example.pdf · Worm Exploit Techniques •Case study: Conficker worm
Documents
Eclipse Attacks on Bitcoin s Peer-to-Peer Networkeclipse attacks while preserving the openness and decen-tralization of bitcoin s current network architecture. 1 Introduction While
Documents
Stopping Worm/Virus Attacks
Documents
SCALABLE PROTECTION AGAINST DDOS AND WORM ATTACKS · SCALABLE PROTECTION AGAINST DDOS AND WORM ATTACKS 6. AUTHOR(S) Kihong Park 5. FUNDING NUMBERS ... distributed denial of service
Documents
SCALABLE PROTECTION AGAINST DDOS AND WORM ATTACKS · 2004-04-09 · (DDoS) and worm attacks. We advance new solutions aimed at providing scalable defenses against these potentially
Documents
JTW Series Worm Gear Screw Jack,Worm Gear Wheel Lifts,Worm Gear Screw Lifter,Worm Gear Screw Actuator,Worm Gear Linear Actuator,Worm Gear Machine Screw Jack,Worm and Worm Wheel Screw
Documents
A Stochastic Model for Analysis of Attacks on Blockchain for analy… · 24/10/2016  · model for analysis of attacks on blockchain. The model is based on the structure of a peer-to-peer
Documents
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network · Force victim to waste computational power on obsolete views of blockchain Coopt the victim’s computational power for your
Documents
Eclipse Attacks on Bitcoin's Peer-to-Peer Network
Documents
WORLDWIDE GEAR REDUCERS Worm Gear Reducerscatalog.jamiesonequipment.com/Asset/WWE Aluminum Worm... · 2015. 7. 23. · Worm Gear Reducers. Aluminum Worm Gear Reducers. WORM GEAR REDUCERS
Documents
chm worm geared motors and worm gear units chm worm geared
Documents
Modeling, Analysis, and Mitigation of Internet Worm Attacks
Documents
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network · Eclipse Attacks on Bitcoin’s Peer-to-Peer Network Ethan Heilman Alison Kendler Aviv Zohar† Sharon Goldberg Boston University
Documents
Cyber Security Solutions for Critical Infrastructure€¦ · Virus / Worm Propagation Denial of Service Man-in-the-Middle Attacks Routing Misconfiguration Adaptive Attacks Sniffing
Documents
Proactive Defenses Against DDoS and Worm Attacks
Documents
Cumulative Reputation Systems for Peer-to-Peer Content … · 2006-03-24 · Reputation Systems: Vulnerabilities and Trust Groups • Potential attacks on cumulative distributed reputa-tion
Documents
Stopping Worm/Virus Attacks Chiu Wah So (Kelvin).
Documents
Worm Cost of worm attacks - Stanford University · Worm vs Virus vs Trojan horse A virus is code embedded in a file or program Viruses and Trojan horses rely on human intervention
Documents

Copyright © 2018 DOCUMENTS