Skip to main content
SpringerLink
Log in

A First Look at Peer-to-Peer Worms: Threats and Defenses

  • Conference paper
Peer-to-Peer Systems IV (IPTPS 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3640))

Included in the following conference series:

Abstract

Peer-to-peer (P2P) worms exploit common vulnerabilities in member hosts of a P2P network and spread topologically in the P2P network, a potentially more effective strategy than random scanning for locating victims. This paper describes the danger posed by P2P worms and initiates the study of possible mitigation mechanisms. In particular, the paper explores the feasibility of a self-defense infrastructure inside a P2P network, outlines the challenges, evaluates how well this defense mechanism contains P2P worms, and reveals correlations between containment and the overlay topology of a P2P network. Our experiments suggest a number of design directions to improve the resilience of P2P networks to worm attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Calvert, K., Doar, M., Zegura, E.: Modeling Internet topology. IEEE Communications Magazine (June 1997)

    Google Scholar 

  2. Castro, M., Druschel, P., Ganesh, A., Rowstron, A., Wallach, S.S.: Secure routing for structured peer-to-peer overlay networks. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI 2002), Boston, MA, USA, December 2002, pp. 299–314. USENIX (2002)

    Google Scholar 

  3. Chawathe, Y., Ratnasamy, S., Breslau, L., Lanham, N., Shenker, S.: Making Gnutella-like p2p systems scalable. In: Proceedings of SIGCOMM 2003, Karlsruhe, Germany, pp. 407–418. ACM, New York (2003)

    Chapter  Google Scholar 

  4. Costa, M., Crowcroft, J., Castro, M., Rowstron, A.: Can we contain Internet worms? In: Proceedings of the 3rd Workshop on Hot Topics in Networks (HotNets-III) (November 2004)

    Google Scholar 

  5. Cox, L.P., Noble, B.D.: Honor among thieves in peer-to-peer storage. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles, Bolton Landing, NY, USA, pp. 120–132. ACM SIGOPS, ACM Press, New York (2003)

    Chapter  Google Scholar 

  6. Crandall, J.R., Chong, F.T.: Minos: Control data attack prevention orthogonal to memory model. In: Proceedings of the 37th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE/ACM (December 2004)

    Google Scholar 

  7. Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: Proc. 25th Symposium on Security and Privacy. IEEE, Los Alamitos (2004)

    Google Scholar 

  8. Kim, H., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of the 13th USENIX Security Symposium (August 2004)

    Google Scholar 

  9. Kreibich, C., Crowcroft, J.: Honeycomb—creating intrusion detection signatures using Honeypots. In: Proc. of the 2nd Workshop on Hot Topics in Networks (HotNets-II) (November 2003)

    Google Scholar 

  10. Moore, D., Shannon, C., Voelker, G., Savage, S.: Internet quarantine: Requirements for containing self-propagating code. In: Proceedings of IEEE INFOCOM 2003. IEEE, Los Alamitos (2003)

    Google Scholar 

  11. Newsome, J., Song, D.: Dynamic taint analysis: Automatic detection and generation of software exploit attacks. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005) (February 2005) (to appear)

    Google Scholar 

  12. random nut. The PACKET 0’ DEATH FastTrack network vulnerability. NETSYS.COM Full Disclosure Mailing List Archives (May 2003), http://www.netsys.com/full-disclosure/2003/05/msg00351.html

  13. Ratnasamy, S., Francis, P., Handley, M., Karp, R., Shenker, S.: A scalable content-addressable network. In: Proceedings of ACM SIGCOMM, San Diego, CA, USA, August 2001, pp. 161–172 (2001)

    Google Scholar 

  14. Rowstron, A., Druschel, P.: Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, p. 329. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. Saroiu, S., Gribble, S.D., Levy, H.M.: Measurement and analysis of spyware in a university environment. In: Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA (March 2004)

    Google Scholar 

  16. Singh, S., Estan, C., Varghese, G., Savage, S.: The EarlyBird system for real-time detection of unknown worms. Technical Report CS2003-0761, UC San Diego (August 2003)

    Google Scholar 

  17. Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in your spare time. In: Proceedings of the 11th USENIX Security Symposium (August 2002)

    Google Scholar 

  18. Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H.: Chord: A scalable peer-to-peer lookup service for Internet applications. In: Proc. ACM SIGCOMM, pp. 149–160 (2001)

    Google Scholar 

  19. Suh, G.E., Lee, J., Devadas, S.: Secure program execution via dynamic information flow tracking. In: Proceedings of ASPLOS XI, Boston, MA, USA, October 2004, pp. 85–96 (2004)

    Google Scholar 

  20. http://securityresponse.symantec.com/

  21. Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In: The First ACM Workshop on Rapid Malcode (WORM) (2003)

    Google Scholar 

  22. Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: Proceedings of the 13th USENIX Security Symposium (August 2004)

    Google Scholar 

  23. Williamson, M.M.: Throttling viruses: Restricting propagation to defeat malicious mobile code. In: Proc. 18th Annual Computer Security Applications Conference, Las Vegas, NV (December 2002)

    Google Scholar 

  24. Zhao, B.Y., Huang, L., Rhea, S.C., Stribling, J., Joseph, A.D., Kubiatowicz, J.D.: Tapestry: A global-scale overlay for rapid service deployment. IEEE Journal on Selected Areas in Communications (J-SAC) 22(1), 41–53 (2004)

    Article  Google Scholar 

  25. Zhou, L., Schneider, F.B., van Renesse, R.: COCA: A secure distributed on-line certification authority. ACM Transactions on Computer Systems 20(4), 329–368 (2002)

    Article  Google Scholar 

  26. Zou, C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning for Internet worms. In: Proc. of the 10th ACM Conference on Computer and Communication Security (October 2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft Research Silicon Valley,  

    Lidong Zhou, Lintao Zhang, Frank McSherry & Steve Chien

  2. Laboratory for Computer Science, MIT,  

    Nicole Immorlica

  3. Microsoft Research Cambridge and University of Cambridge,  

    Manuel Costa

Authors
  1. Lidong Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lintao Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Frank McSherry
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nicole Immorlica
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Manuel Costa
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Steve Chien
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Grupo de Inteligencia Artificial, Departamento de Computación y T.I., Universidad Simón Bolívar,  

    Miguel Castro

  2. Cornell University, NY 14850, Ithaca, USA

    Robbert van Renesse

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, L., Zhang, L., McSherry, F., Immorlica, N., Costa, M., Chien, S. (2005). A First Look at Peer-to-Peer Worms: Threats and Defenses. In: Castro, M., van Renesse, R. (eds) Peer-to-Peer Systems IV. IPTPS 2005. Lecture Notes in Computer Science, vol 3640. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11558989_3

Download citation

  • DOI: https://doi.org/10.1007/11558989_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29068-1

  • Online ISBN: 978-3-540-31906-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation