Professional Documents
Culture Documents
1909
In order to formally analyze attack strategies and Theorem 1 In a time unit, the rate at which the
epidemiological modeling of P2P worms, we list the proportion of infected node among all nodes with
most parameters in table 1, which will have an impact degree k changes is
on worm attack effects. I k (t+1) − I k (t ) = β k (1 − I k (t ))Θ( I (t )) − γI k (t ) Proo
f: According to Lemma 1, a susceptible node with
degree k is infected by the probability of β kΘ( I (t )) .
3.2. SIS Model
And at time unit t, the proportion of susceptible nodes
To address the effect of the topology of P2P among all nodes with degree k is (1 − I k (t )) . Hence,
networks in epidemic spreading we shall use the SIS there are β k (1 − I k (t ))Θ( I (t )) susceptible nodes to
epidemiological model. In this model, peers can only become infected in a time unit. Meanwhile, there are
exist in two discrete states, namely, susceptible and
γI k (t ) infected nodes returning to be susceptible.
infected. These states completely neglect the details of
the infection mechanism within each individual. The Therefore, the change rate of the proportion of infected
P2P active worm transmission is also described in an nodes with degree k in a time unit is
effective way. At each time unit, each susceptible node I k (t+1) − I k (t ) = β k (1 − I k (t ))Θ( I (t )) − γI k (t )
is infected with probability β if it is connected to one
infected nodes. At the same time, infected nodes are Theorem 2 In a time unit, the change rate of the
cured and become again susceptible with proportion of infected nodes in a P2P network is
~
probability γ . Peers run stochastically through the I ( t + 1) − I ( t ) = β k (1 − Θ ( I ( t ))) Θ ( I ( t )) − γ I ( t )
cycle susceptible → infected → susceptible, hence the Proof:
name of the model. The SIS model does not take into I k (t+1) − I k (t ) = βk (1 − I k (t ))Θ( I (t )) − γI k (t )
account the possibility of peer removal due to death or I k (t+1) = βk (1 − I k (t ))Θ( I (t )) + (1 − γ ) I k (t )
acquired immunization. p( k ) I k (t+1)
= βkp( k )(1 − I k (t ))Θ( I (t )) + (1 − γ ) p( k ) I k (t )
Lemma 1 In a P2P network with initial infected nodes,
⎛ ⎞
the probability that any susceptible node is infected is ∑ p(k ) I k (t+1) = β ⎜⎜
⎝
∑ kp(k ) −∑ kp(k ) I ⎟
k (t ) ⎟Θ( I (t ))
⎠
p = βkΘ( I (t )), k k k
kp( k ) I k (t ) ~ + (1 − γ ) ∑ p ( k ) I k (t )
where Θ( I (t )) = ∑ ∑ sP(s)
k
= k −1 ∑ kp(k ) I
k
k (t ) k
s
Proof : for any node with degree k , beacuse the ratio ~ ~
I (t + 1) − I (t ) = β ( k − k Θ( I (t )))Θ( I (t ) − γI (t )
of the number of infected neighbor nodes to the one ~
I (t + 1) − I (t ) = βk (1 − Θ( I (t )))Θ( I (t )) − γI (t )
of all neighbor nodes is I k ( t ), there are kI k ( t ) nodes
infected in all its neighbors. Thus, the average number
of infected neighbors in the network is ∑ kp ( k ) I
k
k ( t ). 4. Simulation experiments
1910
simplify simulation, the same assumptions are abided Figure 4 examines the effect of initial infected peers
by in the simulator. with varying degrees on the propagation of active
worms. Intuitively, for the initial infected peers with
4.2. Simulation Evaluation larger degrees, the active worm would spread faster
and reach the steady state with larger stationary and
According to Figure 1-3, no matter what the value of constant value of prevalence of infected peers. Figure
δ (= β / γ ) (called as valid infection rate) is, when it 4, however, shows that for initial infected peers with
reaches or surpass some value(the threshold), the varying degrees, the values of prevalence are same.
epidemic spreading of P2P active worms will reach an Indeed, initial infected peers with larger degrees will
endemic state with stationary and constant value of the lead to faster spreading of active worms, which
prevalence of infected peers. Moreover, when it suggests that the propagation of active can be throttled
reached or surpass some larger value, all peers will be by keeping those peers with larger degrees from
infected(Figure 1). On the contrary, when it is smaller worms.
than the threshold, all peers will be susceptible in some
time(Figure 3). 0.5
0.9
0.8 refer to the case of initial infected peers with 10
0.7 maximum degrees, while Selected infection(Min) with
0.6 Delta=2/3
0.5 Delta=1
10 minimum degrees.
0.4
Delta=2
0.3
0.2 5. Conclutions
0.1
0
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29
Time Units
In this paper, we aim at modeling P2P active worm
propagation in the discrete-time method. Large scale
Figure 2. The simulation results with varied values simulations are done in P2P networks with scale-free
of δ (middle) topology. According to the simulation results, we
analyze on the spreading properties of active worms in
P2P networks. The analysis on simulation results shows
0.18 that there exists some threshold value during spreading
Proportion of infected peers
1911
The author would like to thank the anonymous [7] M. Ripeanu, I. Foster, “Mapping the Gnutella Network:
reviewers for their valuable comments and suggestions Macroscopic Properties of Large-Scale Peer-to-Peer
that improve the presentation of this paper. This work is Systems”, Proceedings of 1-thInternational Workshop on
supported by the National Natural Science Foundation Peer-to-Peer Systems(IPTPS), 2002.
of China under Grant No.60473090 and the joint [8] D. Moore, C. Shannon, and k claffy. Code-Red: a case
research project funded by the Royal Society in the UK study on the spread and victims of an Internet worm. In
and by the National Natural Science Foundation of Proceedings of the Second ACM Internet Measurement
China (NSFC) under Grant No.60711130232. This Workshop, 2002.
[9] C. C. Zou, W. Gong, and D.Towsley, "Code Red Worm
work is also supported by the important project of
Propagation Modeling and Analysis", In Proceedings of9-th
Sichuan Normal University of China under Grant ACM Conference on Computer and Communication
No.07ZD018. Security(CCS), Washington DC, November 2002.
[10] Z. Chen, L. Gao, and K. Kwiat, "Modeling the Spread of
Active Worms", IEEE INFOCOM, 2003.
References [11] Wei Yu, "Analyze the Worm-Based Attack in Large
Scale P2P Networks", In Proceedings of8th IEEE
[1] S. Staniford, V. Paxson, and N.Weaver. How to Own the International Symposium on High Assurance Systems
Internet in Your Spare Time. In Proceedings of the 11th Engineering (HASE'04), 2004.
USENIX Security Symposium, San Francisco, CA, Aug.2002. [12] Wei Yu, "Analyzing the performance of Internet worm
[2] “eDonkey2000 server list,” http://ocbmaurice.no- attack approaches", In Proceedings of 13th International
ip.org/slist/serverlist.html. Conference on Computer ommunications and
[3] Bittorrent Protocol Specification v1.0, Networks,2004.
http://www.bitconjurer.org/BitTorrent/protocol.html [13] Wei Yu, Corey Boyer, Sriram Chellappan and Dong
[4] L. Zhou, L. Zhang, F. McSherry, N. immorlica,M. Costa, Xuan, "Peer-to-Peer System-based Active Worm
and S. Chien. A first look at peer-to-peer worms: Threats and Attacks:Modeling and Analysis", In Proceedings ofIEEE
defenses. In Proceedings of the 4thInternationalWorkshop on International Conference on Communications (ICC), May
Peer-to-Peer Systems, Ithaca,NY, Feb. 2005. 2005.
[5] Guanling Chen,Robert S. Gray. Simulating non-scanning [14] M. Ripeanu. Peer-to-peer architecture case
worms on peer-to-peer networks. In Proceedings of the 1st study:Gnutella network. In Proceedings of the First
international conference on Scalable information systems, International Conference on Peer-to-Peer Computing,
Hong Kong, China, 2006. Linkoping,Sweden, Aug. 2001.
[6] S. Ratnasamy, “A Scalable Content Addressable [15] S. Sen and J.Wang. Analyzing peer-to-peer traffic across
Network”, Proceedings of ACM SigComm. , San Diego, large networks. IEEE/ACM Transactions on
Networking,12(2), Apr. 2004.
2001.
1912