DocumentCode :
2373976
Title :
Passive Worm and Malware Detection in Peer-to-Peer Networks
Author :
Fahimian, Sahar ; Movahed, Amirvala ; Kharrazi, Mehdi
Author_Institution :
Dept. of Inf. Technol., Sharif Univ. of Technol., Kish Island, Iran
fYear :
2010
fDate :
11-13 Dec. 2010
Firstpage :
561
Lastpage :
565
Abstract :
Today P2P networks are responsible for a large amount of traffic on the Internet, as many Internet users employ such networks for content distribution. At the same time, P2P networks are vulnerable to security threats such as Internet worms and facilitate their propagation. Internet worms and more generally malware are a major concern to the network security community. There are many different types of worms in the wild, mostly categorized based on how they find and infect their new victims (i.e. active, passive, etc.). In this paper, we investigate a new approach for detecting passive worms and malware in P2P networks based on the popularity of files in the network. As part of our investigation, we crawl the Gnutella P2P network over a 12-day period collecting file names and file popularity statistics. We are then able to extract the highly popular files and identify worm/malware files within them with high accuracy.
Keywords :
Internet; invasive software; peer-to-peer computing; Gnutella P2P network; Internet; malware detection; passive worm detection; peer-to-peer networks; security threats; Detection; Peer-to-Peer; Worm;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-9719-5
Electronic_ISBN :
978-0-7695-4322-2
Type :
conf
DOI :
10.1109/EUC.2010.133
Filename :
5703577