Research on P2P Worm Defense Model in Dynamic Environment
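【Author】 Tang Haokun (唐浩坤);
【Advisor】 Lu Xianliang (卢显良);
【Author information】 University of Electronic Science and Technology of China, Computer System Architecture, 2013, Ph.D.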
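【Abstract (Chinese version)】 As a product of the combination of distributed systems and computer networks, peer-to-peer (P2P) communication has become the most popular networking technology for data sharing, instant messaging, and enterprise collaboration. P2P networks have also become an important and indispensable part of the Internet. However, P2P networks also provide a good platform for worm attacks and propagation, which exposes them to a series of security threats. The situation has worsened since the emergence of P2P worms, because of the serious harm they cause to P2P networks and the potential threat they pose to the Internet. How to defend against P2P worm attacks under dynamic conditions has therefore become a valuable research topic.

According to scanning strategy, worms fall into two categories: non-scanning worms and scanning worms. In the early stage of network worm development, scanning worms that find potential targets by random scanning were dominant. As P2P applications became widespread, P2P worms that search for potential targets through neighbor lists became mainstream, and the P2P worm is a typical non-scanning worm. According to attack method, the P2P worms that seriously threaten P2P networks can be divided into three classes. The first is passive P2P worms, which hide in malicious files and trick users into downloading and executing those files in order to propagate. The second is reactive P2P worms, which propagate over legitimate network connections. The third is active P2P worms, the most harmful non-scanning worms, which use routing information obtained from compromised nodes to actively search for and connect to potential targets in order to propagate. Because P2P worms can use the routing mechanism of the overlay network for topological propagation and skip the scanning phase, their propagation is stealthier and their attacks are more efficient. It is therefore necessary to build defense models for each class of P2P worm, use them to describe the defense process, and derive from them the key factors that affect defense performance.

This research makes the following innovative contributions.

First, existing active worm propagation models for structured P2P networks more or less ignore the dynamics and diversity of P2P nodes. To address this, a defense strategy based on node differentiation theory is proposed: adjusting the heterogeneity parameter between nodes and increasing the configuration differences between logically neighboring nodes slows the propagation of active worms in structured P2P networks. Simulation experiments show that adjusting the heterogeneity parameter between adjacent nodes effectively reduces the propagation speed of active worms in structured P2P networks.

Second, existing active worm defense models for unstructured P2P networks are overly complex. A formal logic matrix is proposed to describe active worm propagation in an adversarial environment. Simulation experiments demonstrate the feasibility and effectiveness of this model for describing the confrontation process and the defense process of active worms in a dynamic environment.

Third, most existing passive worm defense models more or less ignore the effect on worm propagation of dynamic properties of P2P nodes such as random churn, periodic quarantine, burst downloads, and selective execution. A passive worm defense model based on the mean-field method is built to describe the defense process of passive worms in a dynamic environment. Because the mean-field model ignores the effect of social attributes such as trust relationships between nodes, topology, security awareness, and potential gain, a passive worm defense model based on social networks is built using a trust evaluation system between nodes and non-zero-sum game theory. Numerical simulation and simulation experiments demonstrate the validity and correctness of both models.

Fourth, existing reactive worm defense models more or less ignore the effect of some dynamic characteristics of P2P nodes on worm propagation. Taking full account of the dynamic factors that constrain reactive worm propagation in real environments, a reactive worm defense model for dynamic environments is built using mean-field theory and biological epidemiology. Because that model ignores the large effect of user habits on reactive worm attacks, the number of nodes and user behavior in different time periods are analyzed and compared, the size of the online node population in different periods is simulated, and a reactive worm defense model based on dynamic time is proposed using probability theory. Numerical analysis and simulation experiments demonstrate the validity and feasibility of both models, and the key time periods for reactive worm defense are derived from them.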
【Abstract】 Built on distributed systems and computer networks, peer-to-peer (P2P) is the most popular networking technology for data sharing, instant messaging, and enterprise collaboration, and P2P networks have become an essential part of the Internet. However, P2P networks now face serious security threats because they also provide an advantageous facility for worm attack and propagation. In particular, the emergence of P2P worms not only brings severe harm to P2P networks but also poses an underlying threat to the Internet. How to defend against P2P worm attacks in a dynamic environment has therefore become a significant research topic.

According to scanning strategy, worms can be divided into two categories: scanning worms and non-scanning worms. Scanning worms, which find potential targets by random scanning, were dominant in the early stages of Internet worm development. With the development and popularization of P2P applications, P2P worms, which find potential targets through neighbor lists, have become mainstream. The P2P worm is a typical non-scanning worm. According to attack method, the P2P worms that pose a great threat to P2P network security can be divided into three groups: passive worms, reactive worms, and active worms. Passive worms hide themselves in malicious files and trick users into downloading and executing them for propagation. Reactive worms propagate only through legitimate network activity. Active worms, the most dangerous non-scanning worms in P2P networks, automatically connect to and infect potential targets by using topological information. Because P2P worms can carry out topological propagation over overlay networks and omit the scanning process, their propagation is stealthier and their attacks are more efficient.

It is necessary to establish defense models that accurately describe the defense process against P2P worms, and to use these models to find the key parameters that affect defensive performance. This paper makes the following four contributions.

1) Existing propagation models of active worms in structured P2P systems more or less ignore the diversity and dynamics of P2P nodes. A prevention strategy based on node heterogeneity theory is proposed: adjusting the heterogeneous variable and increasing the configuration differences between logically adjacent nodes in a structured P2P network slows the propagation of active worms. Simulation results show that the spreading speed of active worms in structured P2P networks can be slowed efficiently by adjusting the heterogeneous variable between neighboring nodes.

2) Existing defense models of active worms in unstructured P2P systems are too complex. A formalized logic matrix is put forward to characterize the propagation of active worms in an adversarial environment. Simulation results show that this model is effective and feasible for describing the countermeasure process and the defense process of active worms in a dynamic environment.

3) Existing defense models of passive worms more or less ignore the impact on worm spread of dynamic features of P2P nodes such as random churn, regular quarantine, sudden traffic, and selective execution. A defense model of passive worms based on mean-field theory is proposed to characterize the defense process of passive worms in a dynamic environment. Because that model ignores the impact on worm spread of social attributes of P2P nodes, such as trust relationships, network topology, security awareness, and potential profit, a defense model of passive worms based on social network theory is proposed, using a credit evaluation system and non-zero-sum game theory. The accuracy and validity of these defense models are demonstrated by numerical simulation and simulation experiments.

4) Existing defense models of reactive worms more or less ignore the impact of the dynamic features of P2P nodes on worm spread. A defense model of reactive worms is proposed using mean-field theory and an epidemiological model, fully considering the dynamic factors that restrict the propagation of reactive worms in a real environment. Because that model ignores the impact of user behavior on worm spread, network size is simulated by analyzing and comparing network size and user behavior in different time periods, and a defense model of reactive worms based on dynamic time is proposed using probability theory. The accuracy and validity of these defense models are demonstrated by numerical simulation and simulation experiments, and the key periods for reactive worm defense are deduced.
【Key words】 P2P Networks; P2P Worms; Defense Model; Dynamic Environment;