
Thursday, 22 February 2018

Dynamics of Malware Spread in Decentralized Peer - to - Peer Networks



ABSTRACT:
In this paper, we formulate an analytical model to characterize the spread of malware in decentralized peer-to-peer (P2P) networks and study the dynamics associated with the spread of malware. Using a compartmental model, we derive the system parameters or network conditions under which the P2P network may reach a malware free equilibrium. The model also evaluates the effect of control strategies like node quarantine on stifling the spread of malware. The model is then extended to consider the impact of P2P networks on the malware spread in networks.
PROJECT PURPOSE:
The use of peer-to-peer (P2P) networks as a vehicle to spread malware offers some important advantages over worms that spread by scanning for vulnerable hosts. This is primarily due to the methodology employed by the peers to search for content. For instance, in decentralized P2P architectures such as Gnutella where search is done by flooding the network, a peer forwards the query to its immediate neighbors and the process is repeated until a specified threshold time-to-live, TTL, is reached. First, the worms can spread much faster, since they do not have to probe for susceptible hosts and second, the rate of failed connections is less. Thus, rapid proliferation of malware can pose a serious security threat to the functioning of P2P networks.
PROJECT SCOPE: 
Every time a Gnutella user searches for media files in the infected computer, the virus always appears as an answer to the request, leading the user to believe that it is the file the user searched for. The design of the search technique has the following implications: first, the worms can spread much faster, since they do not have to probe for susceptible hosts and second, the rate of failed connections is less.
We formulate a comprehensive model for malware spread in Gnutella type P2P networks that addresses the above shortcomings. We develop the model in two stages: first, we quantify the average number of peers within TTL hops from any given peer and in the second stage incorporate the neighborhood information into the final model for malware spread.
PRODUCT FEATURES:
We developed an analytic model to understand the dynamics of malware spread in P2P networks. The need for an analytic framework incorporating user characteristics (e.g., offline to online transitional behavior) and communication patterns (e.g., the average neighborhood size) was put forth by quantifying their influence on the basic reproduction ratio. It was shown that models that do not incorporate the above features run the risk of grossly overestimating R0 and thus falsely report the presence of an epidemic.
INTRODUCTION:
The use of peer-to-peer (P2P) networks as a vehicle to spread malware offers some important advantages over worms that spread by scanning for vulnerable hosts. This is primarily due to the methodology employed by the peers to search for content. For instance, in decentralized P2P architectures such as Gnutella where search is done by flooding the network, a peer forwards the query to its immediate neighbors and the process is repeated until a specified threshold time-to-live, TTL, is reached. Here TTL is the threshold representing the number of overlay links that a search query travels. A relevant example here is the Mandragore worm that affected Gnutella users. Having infected a host in the network, the worm cloaks itself for other Gnutella users.
Every time a Gnutella user searches for media files in the infected computer, the virus always appears as an answer to the request, leading the user to believe that it is the file the user searched for. The design of the search technique has the following implications: first, the worms can spread much faster, since they do not have to probe for susceptible hosts and second, the rate of failed connections is less. Thus, rapid proliferation of malware can pose a serious security threat to the functioning of P2P networks. Understanding the factors affecting the malware spread can help facilitate network designs that are resilient to attacks, ensuring protection of the networking infrastructure.
This paper addresses this issue and develops an analytic framework for modeling the spread of malware in P2P networks while accounting for the architectural, topological, and user-related factors. We also model the impact of malware control strategies like node quarantine. Though the initial thrust in P2P research was measurement oriented, subsequent works have proposed analytical models for the temporal evolution of information in the network. The focus of these works is on transfer of regular files and they do not apply to malware that spreads actively. In addition, they are specialized to BitTorrent-like networks and cannot be extended for P2P networks such as Gnutella or KaZaa.
The issue of worms in peer-to-peer networks is addressed in using a simulation study of P2P worms and possible mitigation mechanisms. Epidemiological models to study malware spread in P2P networks. These studies assume that a vulnerable peer can be infected by any of the infected peers in the network. This assumption is invalid since the candidates for infecting a peer are limited to those within TTL hops away from it and not the entire network. Another important omission is the incorporation of user behavior. Typically, users in a P2P network alternate between two states: the on state, where they are connected to other peers and partake in network activities and the off state wherein they are disconnected from the network. Peers going offline result in fewer candidates for infection thereby lowering the intensity of malware spread. An empirical model for malware spreading in BitTorrent is developed in while models for the number of infected nodes by dynamic hit list-based malware in BitTorrent networks.
However, these models ignore node dynamics such as online-offline transitions and are applicable only to BitTorrent networks. In the authors use hypercubes as the graph model for P2P networks and derive a limiting condition on the spectral radius of the adjacency graph, for a virus/worm to be prevalent in the network. The models do not account for the fact that once a peer is infected, any susceptible peer within a TTL hop radius becomes a likely candidate for a virus attack. In the current work, we formulate a comprehensive model for malware spread in Gnutella type P2P networks that addresses the above shortcomings. We develop the model in two stages: first, we quantify the average number of peers within TTL hops from any given peer and in the second stage incorporate the neighborhood information into the final model for malware spread.
PROBLEM DEFINITION:
Every time a Gnutella user searches for media files in the infected computer, the virus always appears as an answer to the request, leading the user to believe that it is the file the user searched for. The design of the search technique has the following implications: first, the worms can spread much faster, since they do not have to probe for susceptible hosts and second, the rate of failed connections is less.
EXISTING SYSTEM:
Social networking and peer-to-peer sites, web applications and mobile platforms make today's users highly vulnerable to entirely new generations of malware that exploit vulnerabilities in web applications and mobile platforms for new infections, while using the power-law connectivity for finding new victims.
The traditional epidemic models based on assumptions of homogeneity, average degree distributions, and perfect-mixing are inadequate to model this type of malware propagation. The use of peer-to-peer (P2P) networks as a vehicle to spread malware offers some important advantages over worms that spread by scanning for vulnerable hosts.
LIMITATIONS OF EXISTING SYSTEM:
The limitation is primarily due to the methodology employed by the peers to search for content. The design of the search technique has the following implications: first, the worms can spread much faster, since they do not have to probe for susceptible hosts and second, the rate of failed connections is less. Thus, rapid proliferation of malware can pose a serious security threat to the functioning of P2P networks.
PROPOSED SYSTEM:
This paper addresses this issue and develops an analytic framework for modeling the spread of malware in P2P networks while accounting for the architectural, topological, and user-related factors. We also model the impact of malware control strategies like node quarantine.
We have proposed analytical models for the temporal evolution of information in the network. The focus of these works is on transfer of regular files and they do not apply to malware that spreads actively. In addition, they are specialized to BitTorrent-like networks and cannot be extended for P2P networks such as Gnutella or KaZaa.
In the authors use hypercubes as the graph model for P2P networks and derive a limiting condition on the spectral radius of the adjacency graph, for a virus/worm to be prevalent in the network. The models do not account for the fact that once a peer is infected, any susceptible peer within a TTL hop radius becomes a likely candidate for a virus attack.
ADVANTAGES OF PROPOSED SYSTEM:
In the current work, we formulate a comprehensive model for malware spread in Gnutella type P2P networks that addresses the above shortcomings. We develop the model in two stages: first, we quantify the average number of peers within TTL hops from any given peer and in the second stage incorporate the neighborhood information into the final model for malware spread.
MODULES DESCRIPTION:
P2P NETWORK MODULE:
The use of peer-to-peer (P2P) networks as a vehicle to spread malware offers some important advantages over worms that spread by scanning for vulnerable hosts. This is primarily due to the methodology employed by the peers to search for content. For instance, in decentralized P2P architectures such as Gnutella, search is done by flooding the network. The design of the search technique has the following implications: first, the worms can spread much faster, since they do not have to probe for susceptible hosts and second, the rate of failed connections is less. Thus, rapid proliferation of malware can pose a serious security threat to the functioning of P2P networks.
IMPORTANT QUANTITIES IN MODELING:
The malware propagation model of a worm reflects the fractions of vulnerable hosts that are infected, active, and retired over time. A scan message that does not hit any vulnerable host does not change these numbers. Thus, modeling should only be based on the event of a scan message hitting a vulnerable host. When that event happens, all aforesaid numbers change. We derive the model by analyzing the precise amounts by which they change.
SCANNING HOSTS AT DIFFERENT LAYERS:
An active infected host never changes its layer by hitting a new infection. This is because the layer of a host indicates how many old infections the active host has hit till that time, and hitting a new infection does not change that. However, when it hits an old infection, it takes a jump, moves to the next layer, and becomes either ineffective or nascent depending on whether it jumps into a covered area or not.
MALWARE PROPAGATION:
The transfer of information in a P2P network is initiated with a search request for it. This paper assumes that the search mechanism employed is flooding, as in Gnutella networks. In this scenario, a peer searching for a file forwards a query to all its neighbors. A peer receiving the query first responds affirmatively if in possession of the file and then checks the TTL of the query. If this value is greater than zero, it forwards the query outwards to its neighbors, else, the query is discarded. In our scenario, it suffices to distinguish any file in the network as being either malware or otherwise.
We make the following assumptions about the system:
• The number of members in a compartment is a differentiable function of time. This holds true in the event of large compartment sizes, and since P2P networks comprise tens of thousands of users, assuming this is quite reasonable.
• By abstracting the P2P graph through differential equations, the emphasis is more on the numbers of each class, rather than the particulars of each member of the respective classes.
• The spread of files in the P2P network is deterministic, i.e., the behavior is completely determined by the rules governing the model. In other words, the properties of a class are dictated by the number of members present.
• The size of the network does not vary over the time during which the spread of malware is modeled.
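The flooding search described above, together with the first stage of the model (counting the peers within TTL hops), as an added example that is not code from the paper or from this post. The random overlay, the peer counts and the rule that duplicate queries are dropped are assumptions; the point is that an infected peer's candidates are bounded by the TTL neighborhood and shrink further when peers go offline.

```python
import random
from collections import deque

def build_overlay(n, degree, seed=1):
    """Constructed random overlay (assumption): each peer links to `degree` random peers."""
    rng = random.Random(seed)
    adj = {p: set() for p in range(n)}
    for p in range(n):
        for q in rng.sample(range(n), degree):
            if q != p:
                adj[p].add(q)
                adj[q].add(p)
    return adj

def flood(adj, origin, ttl, online, infected=frozenset()):
    """Flood a query from `origin` over at most `ttl` overlay links.
    Returns (peers that received the query, infected peers that answered it).
    Offline peers neither receive nor forward; duplicates are dropped (assumption)."""
    seen, reached, responders = {origin}, set(), set()
    queue = deque([(origin, ttl)])
    while queue:
        peer, remaining = queue.popleft()
        if remaining == 0:
            continue  # TTL exhausted: the query is discarded, not forwarded
        for nb in adj[peer]:
            if nb in seen or nb not in online:
                continue
            seen.add(nb)
            reached.add(nb)
            if nb in infected:
                responders.add(nb)  # an infected peer always answers the query
            queue.append((nb, remaining - 1))
    return reached, responders

def mean_neighborhood(adj, ttl, online):
    """Average number of online peers within `ttl` hops of an online peer."""
    sizes = [len(flood(adj, p, ttl, online)[0]) for p in online]
    return sum(sizes) / len(sizes)

if __name__ == "__main__":
    n = 2000  # constructed network size
    adj = build_overlay(n, degree=3)
    everyone = set(range(n))
    half_online = set(random.Random(7).sample(range(n), n // 2))
    for ttl in (1, 2, 3, 4):
        print(ttl, round(mean_neighborhood(adj, ttl, everyone), 1),
              round(mean_neighborhood(adj, ttl, half_online), 1))
```

Run as a script, it prints the mean neighborhood size per TTL with all peers online and with half of them offline, which can be compared against the full network size a perfect-mixing model would assume.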
INTERNET WORMS AND VIRUSES:
The issue of worms in peer-to-peer networks is addressed in using a simulation study of P2P worms and possible mitigation mechanisms. Epidemiological models to study malware spread in P2P networks. These studies assume that a vulnerable peer can be infected by any of the infected peers in the network. This assumption is invalid since the candidates for infecting a peer are limited to those within TTL hops away from it and not the entire network. Another important omission is the incorporation of user behavior. Typically, users in a P2P network alternate between two states: the on state, where they are connected to other peers and partake in network activities and the off state wherein they are disconnected from the network. Peers going offline result in fewer candidates for infection thereby lowering the intensity of malware spread. The authors use hypercubes as the graph model for P2P networks and derive a limiting condition on the spectral radius of the adjacency graph, for a virus/worm to be prevalent in the network. The models do not account for the fact that once a peer is infected, any susceptible peer within a TTL hop radius becomes a likely candidate for a virus attack.
HARDWARE AND SOFTWARE REQUIREMENTS:
HARDWARE REQUIREMENTS:
• System: Pentium IV 2.4 GHz.
• Hard Disk: 40 GB.
• Floppy Drive: 1.44 Mb.
• Monitor: 15 VGA Colour.
• Mouse: Logitech.
• Ram: 512 Mb.
SOFTWARE REQUIREMENTS:
• Operating system: Windows XP.
• Coding Language: JDK 1.6
• Tools: Eclipse 3.3
