Dynamics of Malware Spread in Decentralized Peer-to-Peer Networks

K K Ramachandran, B Sikdar
2011 IEEE Transactions on Dependable and Secure Computing  
In this paper, we formulate an analytical model to characterize the spread of malware in decentralized, Gnutella-type peer-to-peer (P2P) networks and study the dynamics associated with the spread of malware. Using a compartmental model, we derive the system parameters or network conditions under which the P2P network may reach a malware-free equilibrium. The model also evaluates the effect of control strategies like node quarantine on stifling the spread of malware. The model is then extended to consider the impact of P2P networks on the malware spread in networks of smart cell phones.

Index Terms: Malware propagation, peer-to-peer networks, Internet worms and viruses.

INTRODUCTION

The use of peer-to-peer (P2P) networks as a vehicle to spread malware offers some important advantages over worms that spread by scanning for vulnerable hosts. This is primarily due to the methodology employed by the peers to search for content. For instance, in decentralized P2P architectures such as Gnutella [1], where search is done by flooding the network, a peer forwards the query to its immediate neighbors and the process is repeated until a specified threshold time-to-live, TTL, is reached. Here TTL is the threshold representing the number of overlay links that a search query travels. A relevant example here is the Mandragore worm [2], which affected Gnutella users. Having infected a host in the network, the worm cloaks itself from other Gnutella users. Every time a Gnutella user searches for media files on the infected computer, the virus always appears as an answer to the request, leading the user to believe that it is the file the user searched for. The design of the search technique has the following implications: first, the worms can spread much faster, since they do not have to probe for susceptible hosts, and second, the rate of failed connections is lower. Thus, rapid proliferation of malware can pose a serious security threat to the functioning of P2P networks. Understanding the factors affecting the malware spread can help facilitate network designs that are resilient to attacks, ensuring protection of the networking infrastructure. This paper addresses this issue and develops an analytic framework for modeling the spread of malware in P2P networks while accounting for the architectural, topological, and user-related factors. We also model the impact of malware control strategies like node quarantine.
The rest of the paper is organized as follows: Section 2 presents the related work and the analytic framework is presented in Section 3. We analyze the model and study the impact of quarantine in Section 4. Simulation results validating our model are presented in Section 5 and Section 6 concludes the paper.
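The two mechanisms the abstract and introduction describe, TTL-bounded flooding search over the overlay and a compartmental model with node quarantine, are illustrated below in an added example that is not part of the paper. The overlay is a constructed random graph; the susceptible/infected/quarantined (SIQ) equations with contact rate `beta` and quarantine rate `q` are an assumed textbook-style stand-in chosen to show how a malware-free equilibrium arises, not a reproduction of the paper's own model or parameters. The flooding function shows how quickly the reachable peer count grows with TTL, which is the reason the paper gives for P2P worms needing no scanning; the SIQ simulation shows that raising the quarantine rate above the contact rate makes an initial infection die out instead of grow.

```python
"""Added illustration (not from the paper): TTL-bounded flooding on a random
Gnutella-style overlay, plus a simple compartmental malware model with node
quarantine.  The SIQ equations below are an assumed textbook stand-in for the
paper's model, not a reproduction of it."""
import random
from collections import deque


def build_overlay(n, degree, seed=1):
    """Constructed random overlay: every peer gets at least `degree` neighbours
    (undirected links).  Requires n > degree."""
    rng = random.Random(seed)
    adj = {i: set() for i in range(n)}
    for i in range(n):
        while len(adj[i]) < degree:
            j = rng.randrange(n)
            if j != i:
                adj[i].add(j)
                adj[j].add(i)
    return adj


def flood_reach(adj, origin, ttl):
    """Count the distinct peers a query reaches when each peer forwards it to all
    neighbours and the TTL is decremented per overlay hop (Gnutella flooding).
    The origin itself is not counted."""
    seen = {origin}
    frontier = deque([(origin, ttl)])
    while frontier:
        node, hops_left = frontier.popleft()
        if hops_left == 0:
            continue
        for nb in adj[node]:
            if nb not in seen:
                seen.add(nb)
                frontier.append((nb, hops_left - 1))
    return len(seen) - 1


def simulate_siq(beta, q, i0=0.01, dt=0.01, steps=5000):
    """Deterministic susceptible (S) / infected (I) / quarantined (Q) model,
    integrated with forward Euler.  beta: infectious contact rate, q: rate at
    which infected peers are detected and quarantined.  Fractions sum to 1.
    Returns (peak infected fraction, final infected fraction)."""
    s, i, qd = 1.0 - i0, i0, 0.0
    peak = i
    for _ in range(steps):
        new_inf = beta * s * i * dt      # S -> I
        new_q = q * i * dt               # I -> Q
        s -= new_inf
        i += new_inf - new_q
        qd += new_q
        peak = max(peak, i)
    return peak, i


def malware_free_stable(beta, q):
    """Linearising dI/dt = (beta*S - q)*I around the malware-free state S = 1:
    an initial infection decays rather than grows exactly when beta < q."""
    return beta < q


if __name__ == "__main__":
    overlay = build_overlay(2000, 4)
    for ttl in range(0, 8):
        print(f"TTL={ttl}: query reaches {flood_reach(overlay, 0, ttl)} peers")
    for beta, q in ((0.5, 1.0), (2.0, 0.5)):
        peak, final = simulate_siq(beta, q)
        print(f"beta={beta} q={q} stable={malware_free_stable(beta, q)} "
              f"peak_I={peak:.3f} final_I={final:.4f}")
```

The reach count grows roughly geometrically in the TTL until it saturates at the overlay size, which is what makes a single infected responder visible to a large fraction of querying peers. In the SIQ run, the pair `beta=0.5, q=1.0` never rises above the initial infected fraction, while `beta=2.0, q=0.5` produces an epidemic peak near 40% before quarantine drains it; the defender-side knob is the detection-and-quarantine rate `q` relative to the contact rate.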
doi:10.1109/tdsc.2010.69