Verme: Worm containment in overlay networks

Freitas, Filipe; Marques, Edgar; Rodrigues, Rodrigo; Ribeiro, Carlos; Ferreira, Paulo; Rodrı́gues, L.

doi:10.1109/dsn.2009.5270341

Cited by 8 publications

(5 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In recent years, researchers find that increasing configuration diversity is an effective method to quarantine PRWORM (Zhou et al , 2006; McIlwraith et al , 2008; Freitas et al , 2009). This method aims at decreasing homogeneity and breaking monocultures of P2P software.…”

Section: Related Workmentioning

confidence: 99%

Proactive P2P worm containment via automatic authentication

Zhang

Chen

et al. 2013

COMPEL - The International Journal for Computation and Mathematics in Electrical and Electronic Engineering

View full text Add to dashboard Cite

Purpose -Nowadays, proactive P2P worm (PRWORM) poses a latent threat to internet infrastructure and common users for the fatal vulnerabilities in homogeneous P2P software. It is more difficult to contain PRWORM because of its fast spread speed. Current techniques are not adequate to quarantine PRWORM, mainly because of their inaccuracy and slow response to attacks. The purpose of this paper is to propose an accurate and real-time approach for PRWORM containment. Design/methodology/approach -First, the authors present a new methodology to contain PRWORM via proper authentication of initiators of P2P communications. Second, three simple network protocols are proposed to fulfill automatic authentication. Findings -Both simulations and strictly mathematical proof by Strand Space Model represent that the authors' work is able to accurately quarantine PRWORM in real time. Furthermore, proof shows the three network protocols are resistant to popular attacks such as man-in-the-middle attack and replay attack. Originality/value -First, the authors propose an authentication based method to contain proactive P2P worm and second, use strand space model to proof the effectiveness and security of the method.

show abstract

Section: Related Workmentioning

confidence: 99%

Proactive P2P worm containment via automatic authentication

Zhang

Chen

et al. 2013

COMPEL - The International Journal for Computation and Mathematics in Electrical and Electronic Engineering

View full text Add to dashboard Cite

show abstract

“…Recognizing such threats, many researchers started to study the corresponding defense mechanisms. Specifically, Yu et al in [30] presented a region-based active immunization defense strategy to defend against active P2P worm attacks; Freitas et al in [9] utilized the diversity of participating hosts to design a worm-resistant P2P overlay, Verme, for containing possible P2P worms; moreover, in [29], Xie and Zhu proposed a partition-based scheme to proactively block the possible worm spreading as well as a connected dominating set based scheme to achieve fast patch distribution in a race with the worm, and in [28], Xie et al further designed a P2P patching system through file-sharing mechanisms to internally disseminate security patches. However, existing defense mechanisms generally focused on the internal P2P worm defense without the consideration of external worm attacks, so that they cannot provide a total worm protection for the P2P overlay systems.…”

Section: Related Workmentioning

confidence: 99%

Phagocytes: A Holistic Defense and Protection Against Active P2P Worms

Chen,

Lua,

Crowcroft

et al. 2011

Preprint

View full text Add to dashboard Cite

Active Peer-to-Peer (P2P) worms present serious threats to the global Internet by exploiting popular P2P applications to perform rapid topological self-propagation. Active P2P worms pose more deadly threats than normal scanning worms because they do not exhibit easily detectable anomalies, thus many existing defenses are no longer effective.We propose an immunity system with Phagocytes -a small subset of elected P2P hosts that are immune with high probability and specialized in finding and "eating" worms in the P2P overlay. The Phagocytes will monitor their managed P2P hosts' connection patterns and traffic volume in an attempt to detect active P2P worm attacks. Once detected, local isolation, alert propagation and software patching will take place for containment. The Phagocytes further provide the access control and filtering mechanisms for communication establishment between the internal P2P overlay and the external hosts. We design a novel adaptive and interaction-based computational puzzle scheme at the Phagocytes to restrain external worms attacking the P2P overlay, without influencing legitimate hosts' experiences significantly. We implement a prototype system, and evaluate its performance based on realistic massive-scale P2P network traces. The evaluation results illustrate that our Phagocytes are capable of achieving a total defense against active P2P worms.

show abstract

“…Since most worms can not run on multiple platforms, we can design a special topology to isolate worms, where peers running on the same platform are not connected. A protocol, called Verme, is designed in [41], which is an extension of Chord. In Verme, all the peers are divided into different groups, called islands, according to the type of vulnerabilities.…”

Section: P2p Worm Containmentmentioning

confidence: 99%

Concept, Characteristics and Defending Mechanism of Worms

Tang

Luo

Xiao

et al. 2009

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Worms are a common phenomenon in today's Internet and cause tens of billions of dollars in damages to businesses around the world each year. This article first presents various concepts related to worms, and then classifies the existing worms into four types-Internet worms, P2P worms, email worms and IM (Instant Messaging) worms, based on the space in which a worm finds a victim target. The Internet worm is the focus of this article. We identify the characteristics of Internet worms in terms of their target finding strategy, propagation method and anti-detection capability. Then, we explore state-of-the-art worm detection and worm containment schemes. This article also briefly presents the characteristics, defense methods and related research work of P2P worms, email worms and IM worms. Nowadays, defense against worms remains largely an open problem. In the end of this article, we outline some future directions on the worm research.

show abstract

Verme: Worm containment in overlay networks

Cited by 8 publications

References 17 publications

Proactive P2P worm containment via automatic authentication

Proactive P2P worm containment via automatic authentication

Phagocytes: A Holistic Defense and Protection Against Active P2P Worms

Concept, Characteristics and Defending Mechanism of Worms

Contact Info

Product

Resources

About