The frequency and scale of worm attacks on the Internet are increasing each year. The speed and severity of worm attacks are particularly alarming over peer-to-peer (p2p) networks, maybe on account of their popularity and the fact that they represent a significant portion of Internet traffic. It is well documented that worms in a p2p network spread much faster than the Internet, due to the rich host connectivity and the constant data exchange among the peers in the network. In this paper, we investigate strategies to curb the spread of worms in p2p networks, and offer countermeasures against this emerging cyber threat. In particular, we study the problem of disseminating security patches over a p2p network, while simultaneously containing the spread of topological worms in the network. As a solution, we propose a self-organizing, dynamic, emergent, defense p2p topology called ‘Spawn’ to combat this threat which ensures that: 1) the worm propagation is slowed by quarantining it to a confined portion of the network while simultaneously, and; 2) the security patch is disseminated to most nodes in the p2p network before the worm reaches them. This topology is built on the principle that the worm propagates epidemically, and we permit the security patch to propagate itself over the topology using epidemic gossip techniques. We show that our topology and patch dissemination mechanism is faster, dynamic and more efficient and scalable than comparable schemes in the literature. Our emergent algorithmic approach presents a novel defense architecture for deploying p2p networks and we outline a number of design directions to improve the resilience of p2p networks against topological worms.

Aspnes, J., Rustagi, N. and Saia, J. (2007), Worm versus alert: Who wins in a battle for control of a large-scale network? In Principles of Distributed Systems, pages 443-456. Springer, 2007.

Bailey N. T. (1975). The mathematical theory of infectious diseases and its applications. Charles Griffin & Company Ltd, 5a Crendon Street, High Wycombe, Bucks HP13 6LE. 1975.

Bastian, M., Heymann, S. and Jacomy, M. (2009). Gephi: An open source software for exploring and manipulating networks. In E. Adar, M. Hurst, T. Finin, N. S. Glance, N. Nicolov, and B. L. Tseng, editors, ICWSM. The AAAI Press, 2009. ISBN 978-1-57735-421-5.

Cai, M., Hwang, K., Kwok, Y.-K. Song, S. and Chen, Y (2005). Collaborative internet worm containment. Security & Privacy, IEEE, 3(3):25-33, 2005.

Chen, T., Zhang, X.-s., Li, H., Li, X.-d. and Wu, Y. (2011). Fast quarantining of proactive worms in unstructured p2p networks. Journal of Network and Computer Applications, 34(5):1648-1659, 2011.

Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Shannon, C. and Brown, J (2004). Can we contain internet worms? In Proceedings of the 3rd Workshop on Hot Topics in Networks (HotNets-III). Citeseer, 2004.

Demers, A., Greene, D., Hauser, C., Irish, W., Larson, J., Shenker, S., Sturgis, H., Swinehart, D. and Terry, D. (1987). Epidemic algorithms for replicated database maintenance. In Proceedings of the sixth annual ACM Symposium on Principles of distributed computing, pages 1-12. ACM, 1987.

Dolev, D. and Yao, A. (1983). On the security of public key protocols. Information Theory, IEEE Transactions on, 29(2):198-208, 1983.

Eugster, P.T., Guerraoui, R., Handurukande, S. B., Kouznetsov, P. and Kermarrec, A.-M. (2003). Lightweight probabilistic broadcast. ACM Transactions on Computer Systems (TOCS), 21(4):341-374, 2003.

Eugster, P. T., Guerraoui, R., Kermarrec, A.-M. and Massoulie, L. (2004). From epidemics to distributed computing. IEEE computer, 37(5): 60-67, 2004.

Ganesh, A. J., Kermarrec, A.-M. and Massoulie, L. (2003). Peer-to-peer membership management for gossip-based protocols. Computers, IEEE Transactions on, 52(2):139-149, 2003.

Gkantsidis, C., Karagiannis, T. and Vojnovic, M. (2006). Planet scale software updates. ACM SIGCOMM Computer Communication Review, 36(4):423-434, 2006.

Gummadi, K. P., Saroiu, S. and Gribble, S. D. (2002). King: Estimating latency between arbitrary internet end hosts. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement, pages 5-18. ACM, 2002.

Hui, K. Y., Lui, J. C. and Yau, D. K. (2004). Small world overlay p2p networks. In Quality of Service, 2004. IWQOS 2004. Twelfth IEEE International Workshop on, pages 201-210. IEEE, 2004.

Jelasity, M., Kowalczyk, W. and Van Steen, M. (2003). Newscast computing. Technical report, Technical Report IR-CS-006, Vrije Universiteit Amsterdam, Department of Computer Science, Amsterdam, The Netherlands, 2003.

Jung, J., Paxson, V., Berger, A. W. and Balakrishnan, H. (2004). Fast portscan detection using sequential hypothesis testing. In Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on, pages 211-225. IEEE, 2004.

Kaspersky. Kazaa and FastTrack P2P Network Client Buffer Overflow. Vulnerability, 2003 (accessed June 26, 2013). URL: http://www.securelist.com/en/advisories/8868

Kleinberg, J. (2000). The small-world phenomenon: an algorithm perspective. In Proceedings of the thirty-second annual ACM symposium on Theory of computing, pages 163-170. ACM, 2000.

Leibowitz, N., Ripeanu, M. and Wierzbicki, A. (2003). Deconstructing the kazaa network. In Internet Applications. WIAPP 2003. Proceedings. The Third IEEE Workshop on, pages 112-120. IEEE, 2003.

Liang, J., Kumar, R. and Ross, K. W. (2004). Understanding Kazaa. Submitted for publication in 2004.

Liu, X., Hu, Z., Liu, G., Wang, Z. and Jia, C. (2011). Defending p2p networks based on benign worms. Journal of Computational Information Systems, 7(7): 2532-2539, 2011.

McAfee (2011). McAfee Rumor Technology, 2011 (accessed June 26, 2013). URL: https://www.mcafeeasap.com/MarketingContent/Products/HowItWorks.aspx.

Montresor, A. and Jelasity, M. (2009). PeerSim: A scalable P2P simulator. In Proceedings of the 9th Int. Conference on Peer-to-Peer (P2P'09), pages 99-100, Seattle, WA, Sep 2009.

Raab, M. and Steger, A. (1998). Balls into bins: a simple and tight analysis. In Randomization and Approximation Techniques in Computer Science, pages 159-170. Springer, 1998.

Ripeanu, M. (2001). Peer-to-peer architecture case study: Gnutella network. In Peer-to-Peer Computing, 2001. Proceedings. First International Conference on, pages 99-100. IEEE, 2001.

Shakkottai, S. and Srikant, R. (2006). Peer to peer networks for defense against internet worms. In Proceedings from the 2006. Workshop on Interdisciplinary systems approach in performance evaluation and design of computer & communications systems, page 5, 2006.

Shashidhar, N. and Chen, L. (2014). Curbing the spread of topological worms - a defense topology for the p2p cyberspace. The Third ASE International Conference on Cyber Security, Stanford, CA, USA. 3(4):372-379, 2014.

Stoica, I., Morris, R., Karger, D., Kaashoek, M. F. and Balakrishnan, H. (2001). Chord: A scalable peer-to-peer lookup service for internet applications. SIGCOMM Comput. Commun. Rev., 31(4):149-160, Aug. 2001. ISSN 0146-4833.

Vojnovic, M., and Ganesh, A. (2005). On the effectiveness of automatic patching. In Proceedings of the 2005 ACM workshop on Rapid malcode, pages 41-50. ACM, 2005.

Vojnovic, M. and Ganesh, A. J. (2008). On the race of worms, alerts, and patches. IEEE/ACM Transactions on Networking (TON), 16(5):1066-1079, 2008.

Watts, D. J. (1999). Small worlds: the dynamics of networks between order and randomness. Princeton university press, 1999.

Weaver, N., Paxson, V., Staniford, S. and Cunningham, R. (2003). A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode, pages 11-18. ACM, 2003.

Weaver, N., Staniford, S., and Paxson, V. (2004). Very fast containment of scanning worms. 13th USENIX Security Symposium, pages 29-44, 2004.

Williamson, M. M. (2002). Throttling viruses: Restricting propagation to defeat malicious mobile code. In Computer Security Applications Conference, 2002. Proceedings. 18th Annual, pages 61-68. IEEE, 2002.

Wu, D., Dhungel, P., Hei, X., Zhang, C. and Ross, K. W. (2010). Understanding peer exchange in bittorrent systems. In Peer-to-Peer Computing (P2P), 2010 IEEE Tenth International Conference on, pages 1-8. IEEE, 2010.

Xie, L. and Zhu, S. (2007). A feasibility study on defending against ultra-fast topological worms. In Peer-to-Peer Computing, 2007. P2P 2007. Seventh IEEE International Conference on, pages 61-70. IEEE, 2007.

Zhan, B., Tokarchuk, L., Feng, C., and Qin, Z. (2008). Defense against passive worms in p2p networks. In Proceedings of Networking & Electronic Commerce Research Conference (NAEC 2008), 2008.

Zhou, L., Zhang, L., McSherry, F., Immorlica, N., Costa, M. and Chien, S. (2005). A first look at peer-to-peer worms: Threats and defenses. Peer-to-Peer Systems IV, pages 24-35. Springer, 2005.

Zou, C. C., Gao, L., Gong, W. and Towsley, D. (2003). Monitoring and early warning for internet worms. In Proceedings of the 10th ACM conference on Computer and communications security, pages 190-199. ACM, 2003.