CN102412981A - Method for evaluating peer-to-peer (P2P) worm propagation scale - Google Patents

Publication number
CN102412981A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201110296407XA
Other languages
Chinese (zh)
Inventor
林怀忠
黄观仁
王学松
苏啸鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHEJIANG ELECTRONIC INFORMATION PRODUCT TEST INSTITUTE
Zhejiang University ZJU
Original Assignee
ZHEJIANG ELECTRONIC INFORMATION PRODUCT TEST INSTITUTE
Zhejiang University ZJU
Application filed by ZHEJIANG ELECTRONIC INFORMATION PRODUCT TEST INSTITUTE, Zhejiang University ZJU

Abstract

The invention discloses a method for evaluating the propagation scale of a peer-to-peer (P2P) worm. It provides a propagation model for active P2P worms in a Chord network; the model is a discrete mathematical model. Initially there is only one worm node and the Chord network has no churn. The number of all target node identifiers (IDs) in the n-th round of infection is calculated. A unit distance is set, and the offset distance of a node relative to the initial worm node is calculated, as are the offset distances of the nodes of the previous period and the subsequent period relative to the initial worm node. The base distance of any theoretical target node of the current infection relative to the source worm node is calculated, together with its theoretical distance relative to the source worm node. The scale of the worm is then obtained from the formula proposed by the invention. The method takes into account the node-degree and structural characteristics of the P2P network topology, so it can realistically describe the propagation of an active P2P worm in a Chord network and accurately evaluate the P2P worm propagation scale.

Description

A method for evaluating P2P worm propagation scale
Technical field
The present invention relates to the field of computer security technology, and in particular to a method for evaluating the propagation scale of P2P network worms.
Background
A network worm is a malicious program that runs independently. It scans the network to find computer systems or application services with vulnerabilities, infects those computers, obtains control of them, and propagates further. Large-scale worm infection can cause serious consequences such as information leakage, excessive consumption of computer system resources, and network congestion. The well-known Code Red and Slammer worms each directly caused losses of more than 1 billion US dollars within a short time after their outbreak. Network worms have become a major factor affecting network security.
A worm propagation model can be used to predict the speed at which a worm spreads, to assess the severity of a worm outbreak, and to test the reaction speed of worm detection algorithms or the effectiveness of preventive measures. A good worm propagation model reflects the spreading process of a worm well and provides important guidance to researchers and security personnel.
The main worm propagation models at present are:
The SEM model with a constant scan rate: a host has only two states, susceptible and infected, and the state transition is "susceptible → infected". The model is simple, easy to use, and considers few factors, but it does not model the late stage of worm spread accurately enough.
The K-M model considers human countermeasures such as patching or shutting down; the host state transition is "susceptible → infected → immune". It considers neither network congestion nor the influence of network topology.
The two-factor model considers both human countermeasures and the network congestion caused by worm propagation, and uses a variable infection rate. It can be used to analyse complex worm outbreak cases. It has many parameters, and selecting or estimating them is difficult, so the model is hard to use.
The NHRS model, built on the SEM model, assumes that each infected host has a different infection rate and that the average infection rate may change over time. It accounts for the change of infection rate over time without being overly complicated; it has only one undetermined parameter, which can be determined by parameter estimation, so it is highly practical.
The AAWP model is a discrete model: the worm spreads once per unit of time, and the model can capture the situation in which several hosts infect the same target host at the same time.
The WAW model proposed by Wen Weiping et al. considers the presence of anti-worms and applies to outbreak cases in which malicious worms and anti-worms coexist.
A worm propagation model depends on the worm's scanning method and is influenced by network topology and security policy; each model has its own applicable domain. As IPv6 is gradually deployed, worm propagation models will change further.
Summary of the invention
The object of the invention is to overcome the inability of existing models to take into account the node-degree and structural characteristics of the P2P topology, and to provide a method for evaluating the propagation scale of P2P network worms.
The steps of the method for evaluating P2P worm propagation scale are as follows:
1) determine the number of bits of the identifier, 128 to 256 bits;
2) assume that initially there is only one worm node; the Chord network has no churn; the total number of nodes is constant; all nodes are online and susceptible; once infected, a node stays infected; a worm node uses the nodes in its finger table to generate its target list; and any worm node infects all nodes in its target list within one unit of time;
3) determine the source worm node in the P2P network, denote its ID as 0 and count it as the 0th infection, and calculate the number of all target node IDs in the n-th round of infection;
4) set the unit distance and calculate the offset distance of a node relative to the initial worm node;
5) calculate the offset distances of the nodes of the previous period and of the next period relative to the initial worm node;
6) assuming that all nodes are evenly distributed on the Chord ring, so that each node's distance from the source worm node O is an integer multiple of V, obtain the number of infected nodes; at the same time calculate the base distance, relative to O, of any theoretical target node of this infection;
7) considering that all nodes are randomly distributed on the Chord ring, so that a node's distance from the source worm node O is not an integer multiple of V, obtain the number of infected nodes; at the same time calculate the theoretical distance, relative to the source worm node O, of any theoretical target node of this infection, namely the base distance plus the offset distance;
8) combine the preceding results and calculate the scale of the worm according to the model's formula.
The step of setting the unit distance and calculating the offset distance of a node relative to the initial worm node is:
1) let $M$ be the size of the identifier space and $k$ the average degree of a host; the unit distance of infection is then $V = M/2^k$;
2) the theoretical distance of any target node of the $t$-th infection relative to the source worm node O is as follows, where $d_t$ is the coverage distance of the $t$-th infection and each $l$ takes a value in $\{0, 1, \ldots, k-1\}$:
$$\sum_{i=1}^{t} \left( 2^{l_i} V + p_i \right) = \sum_{i=1}^{t} 2^{l_i} V + d_t V$$
3) finally, calculate the scale of the worm, where $c_t$ is $\log_2 d_t$ rounded to an integer and $P_t$ is $C_t^{k-c_i}$:
$$S_t = \left[ P_t d_t + Q_t \left( 2^{c_t} - 2^{c_{t-1}} \right) + P_{t-1} \left( 2^{c_{t-1}} - d_{t-1} \right) \right] \cdot \frac{N}{2^k}$$
The invention can derive the infection scale of the worm at different times and can estimate the time needed for the Chord network to be fully infected, consistent with the structural characteristics of the Chord network. The model takes into account both the node-degree and the structural characteristics of the P2P network topology, and its correctness has been demonstrated by simulation experiments, which show that it describes the propagation of an active P2P worm in a Chord network more realistically.
Description of drawings
Fig. 1 is the basic flow chart of the P2P worm propagation scale evaluation method of the invention;
Fig. 2 shows the result of applying the P2P worm propagation scale evaluation method of the invention in a P2P network of 10000 nodes;
Fig. 3 shows the result of applying the P2P worm propagation scale evaluation method of the invention in a P2P network of 40000 nodes.
Embodiment
The invention is based on the following theoretical basis:
1) an active P2P worm in the Chord network uses the neighbour information stored in the current node as its infection target list and exploits a vulnerability in the client software to infect all target hosts. An infected host becomes a worm node and continues the same infection process;
2) churn in the Chord network is not considered, and the total number of nodes is constant;
3) all nodes are online and susceptible, and once infected a node remains infected;
4) any worm node infects all nodes in its target list within one unit of time;
Fig. 1 is the flow chart for evaluating worm propagation scale. As it shows, the steps of the P2P worm propagation scale evaluation method are as follows:
1) determine the number of bits of the identifier; 128 is generally recommended;
2) establish the assumptions: initially there is only one worm node; all nodes are online and susceptible, and once infected remain infected; a worm node uses the nodes in its finger table to generate its target list; any worm node infects all nodes in its target list within one unit of time; churn in the Chord network is not considered; the total number of nodes is constant; and so on.
3) denote the source worm node ID as 0 and calculate the number of all target node IDs in the n-th round of infection.
4) assuming that all nodes are evenly distributed on the Chord ring, so that the distance relative to 0 is an integer multiple of V, obtain the number of infected nodes;
5) considering that all nodes are randomly distributed on the Chord ring, so that the distance relative to 0 is not an integer multiple of V, obtain the number of infected nodes;
Embodiment
The open-source P2P simulator PeerSim is used, with an implementation of the Chord protocol added and modified to allow worm activity. PeerSim's event-driven simulation is used. In each unit of time, every worm node attempts to infect the nodes in its own finger table.
As shown in Figure 3, a P2P network of 10000 nodes was evaluated with the P2P worm propagation scale evaluation method of the invention, with about 10000 ordinary Chord network nodes and about 50 detection endpoints. The evaluation result matches actual behaviour.
A P2P network of 40000 nodes was also evaluated with the P2P worm propagation scale evaluation method of the invention, with about 40000 ordinary Chord network nodes and about 100 detection endpoints. The evaluation result matches actual behaviour.
This evaluation method can derive the infection scale of the worm at different times and estimate the time needed for the Chord network to be fully infected, thereby enabling timely discovery of P2P worms and accurate, efficient, real-time detection of the scale of a P2P worm outbreak.
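The stated assumptions (one initial worm node, no churn, every worm node reaching its whole finger table in one unit of time) are enough to compute an infection-scale curve for sizing a detection window. The following Python sketch is an added example, not the patent's PeerSim code or its $S_t$ formula. All function names are chosen for this example, the random ring is constructed sample input, and the binomial closed form is derived here from the evenly spaced assumption of step 4.

```python
import bisect
import random
from math import comb


def build_fingers(node_ids, id_bits):
    """Finger table of every node on a stable Chord ring (no churn)."""
    ring = sorted(set(node_ids))
    space = 1 << id_bits

    def successor(key):
        # First node at or after key, wrapping past the top of the ID space.
        return ring[bisect.bisect_left(ring, key % space) % len(ring)]

    return {n: {successor(n + (1 << i)) for i in range(id_bits)} - {n}
            for n in ring}


def infection_curve(fingers, source):
    """Infected count after each unit of time, starting from one worm node."""
    infected, frontier, curve = {source}, {source}, [1]
    while frontier:
        # Nodes infected in earlier rounds have already reached every finger,
        # so only the newest worm nodes can add targets.
        reached = set().union(*(fingers[n] for n in frontier))
        frontier = reached - infected
        infected |= frontier
        if frontier:
            curve.append(len(infected))
    return curve


def even_ring(k, id_bits):
    """2**k nodes spaced exactly V = M / 2**k apart (evenly distributed case)."""
    v = (1 << id_bits) >> k
    return [i * v for i in range(1 << k)]


def even_closed_form(k):
    """Even case: round t covers offsets (in units of V) with at most t one-bits."""
    return [sum(comb(k, j) for j in range(t + 1)) for t in range(k + 1)]


def random_ring(n, id_bits, seed):
    """n distinct random IDs (randomly distributed case); constructed input."""
    return random.Random(seed).sample(range(1 << id_bits), n)


if __name__ == "__main__":
    k, bits = 10, 32
    even = even_ring(k, bits)
    print("even   :", infection_curve(build_fingers(even, bits), even[0]))
    print("formula:", even_closed_form(k))
    rnd = random_ring(1 << k, bits, seed=1)
    print("random :", infection_curve(build_fingers(rnd, bits), min(rnd)))
```

The length of the returned curve minus one is the number of unit times to full infection, which is the quantity the method uses to judge how quickly detection must react.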

Claims (2)

1. A method for evaluating P2P worm propagation scale, characterized in that its steps are as follows:
1) determine the number of bits of the identifier, 128 to 256 bits;
2) assume that initially there is only one worm node; the Chord network has no churn; the total number of nodes is constant; all nodes are online and susceptible; once infected, a node stays infected; a worm node uses the nodes in its finger table to generate its target list; and any worm node infects all nodes in its target list within one unit of time;
3) determine the source worm node in the P2P network, denote its ID as O and count it as the 0th infection, and calculate the number of all target node IDs in the n-th round of infection;
4) set the unit distance and calculate the offset distance of a node relative to the initial worm node;
5) calculate the offset distances of the nodes of the previous period and of the next period relative to the initial worm node;
6) assuming that all nodes are evenly distributed on the Chord ring, so that each node's distance from the source worm node O is an integer multiple of V, obtain the number of infected nodes; at the same time calculate the base distance, relative to O, of any theoretical target node of this infection;
7) considering that all nodes are randomly distributed on the Chord ring, so that a node's distance from the source worm node O is not an integer multiple of V, obtain the number of infected nodes; at the same time calculate the theoretical distance, relative to the source worm node O, of any theoretical target node of this infection, namely the base distance plus the offset distance;
8) combine the preceding results and calculate the scale of the worm according to the model's formula.
2. The method for evaluating P2P worm propagation scale according to claim 1, characterized in that the step of setting the unit distance and calculating the offset distance of a node relative to the initial worm node is:
1) let $M$ be the size of the identifier space and $k$ the average degree of a host; the unit distance of infection is then $V = M/2^k$;
2) the theoretical distance of any target node of the $t$-th infection relative to the source worm node O is as follows, where $d_t$ is the coverage distance of the $t$-th infection and each $l$ takes a value in $\{0, 1, \ldots, k-1\}$:
$$\sum_{i=1}^{t} \left( 2^{l_i} V + p_i \right) = \sum_{i=1}^{t} 2^{l_i} V + d_t V$$
3) finally, calculate the scale of the worm, where $c_t$ is $\log_2 d_t$ rounded to an integer and $P_t$ is $C_t^{k-c_i}$:
$$S_t = \left[ P_t d_t + Q_t \left( 2^{c_t} - 2^{c_{t-1}} \right) + P_{t-1} \left( 2^{c_{t-1}} - d_{t-1} \right) \right] \cdot \frac{N}{2^k}.$$
CN201110296407XA 2011-09-28 2011-09-28 Method for evaluating peer-to-peer (P2P) worm propagation scale Pending CN102412981A (en)

Publications (1)

Publication Number Publication Date
CN102412981A true CN102412981A (en) 2012-04-11

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105227401A (en) * 2015-09-21 2016-01-06 浪潮集团有限公司 A kind of appraisal procedure of the degree of consistency and system
CN103873484B (en) * 2014-04-01 2017-02-01 福建师范大学 malicious worm propagation model based on mobile network and control method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
苏啸鸣: "P2P蠕虫传播模型与检测技术的研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120411