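Research on the Propagation Model and Containment Techniques of Proactive P2P Worms
【Author】 Chen Ting (陈厅);
【Advisor】 Zhang Xiaosong (张小松);
【Author information】 University of Electronic Science and Technology of China, Computer Application Technology, 2010, Master's thesis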
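【Abstract (translated from the Chinese)】 Since Peer-to-Peer (P2P) technology was proposed in the late 1990s, it has developed rapidly in little more than a decade. Not long ago P2P traffic overtook Web traffic to become the largest class of traffic on the Internet, and P2P technology has expanded from its original use in file sharing to real-time voice and video on demand, instant messaging and other fields. The rapid development of P2P technology and the growing number of P2P applications have brought a series of security problems. A P2P worm is a worm that propagates through a P2P network; compared with non-P2P worms it spreads faster and is harder to detect and contain, and P2P worms already pose a serious security threat to the Internet. Among the various kinds of P2P worm, proactive P2P worms spread fastest and do the most damage to network applications and network infrastructure. Researchers have carried out preliminary studies of propagation models for proactive P2P worms, which have improved understanding of the principles and harmfulness of P2P worms and have also advanced research on detecting and containing them. However, the existing propagation models for this class of worm all, to varying degrees, oversimplify the real-world factors that affect propagation, so they cannot accurately describe the network behavior and propagation trend of proactive P2P worms. Research in recent years shows that detection and containment of proactive P2P worms mostly reuse techniques designed for non-P2P worms instead of methods targeted at the characteristics of this class of worm, and the results are therefore unsatisfactory in false positive rate, false negative rate and detection efficiency. This thesis studies the propagation model of proactive P2P worms and techniques for containing them, and achieves results in the following three areas:
1. A four-factor propagation model is proposed. The thesis identifies four factors that clearly affect the propagation of proactive P2P worms: network topology, the containment measures taken by ordinary users and Internet Service Providers (ISPs), differences in the configuration of network nodes, and attack and defense strategies. Based on these four factors it proposes a discrete-time propagation model (the four-factor model) and quantitatively analyzes how the four factors and changes in each model parameter affect the propagation of proactive P2P worms. Experiments show that, compared with other models of the same kind, the four-factor model better describes the network behavior and propagation trend of this class of worm. The thesis also points out that increasing the degree of difference in network node configuration and giving priority protection to critical nodes can effectively reduce the propagation speed of this class of worm.
2. A containment technique for proactive P2P worms based on automatic identity authentication is proposed. The thesis points out that accurately authenticating the identity of the participants in P2P communication can contain worm propagation well. The technique is independent of worm detection results and can thoroughly contain all known and unknown proactive P2P worms in real time, even blocking their propagation completely. The thesis analyzes the principle, implementation process and characteristics of the method in detail; the analysis shows that the containment technique based on automatic identity authentication is better than other containment techniques in real-time performance and accuracy.
3. Three security protocols are designed to implement the automatic identity authentication function. The thesis describes the three protocols in detail and uses the strand space model to rigorously prove their security, concluding that the three protocols can resist common attacks.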
【Abstract】 Peer-to-Peer (P2P) technology was proposed in the late 1990s and has developed greatly in about ten years. Not long ago, P2P traffic took the place of Web traffic as the dominant network traffic on the Internet. P2P technology is now used for real-time voice and video, instant messaging and other fields, although in its early years it was regarded only as a useful vehicle for file sharing. The rapid development of P2P technology and the increase in P2P services have given rise to many new security problems. A P2P worm is a worm that spreads through a P2P network, and it has become a severe threat to the Internet because P2P worms spread much faster and are more difficult to detect and contain than non-P2P worms. Proactive P2P worms are the kind of P2P worm that spreads fastest and damages network services and infrastructure most seriously. The propagation model of the proactive P2P worm has been studied in a preliminary way, and this research has improved people's understanding of the principle and hazard of the proactive P2P worm. But these models share a shortcoming to a greater or lesser degree: they excessively simplify the practical factors that affect worm propagation. As a result, these models cannot accurately simulate the behavior and propagation trend of the proactive P2P worm. Investigations in recent years show that the majority of current detection and containment techniques are aimed only at non-P2P worms, so they may not be suited to proactive P2P worms. Consequently, the current detection and containment techniques do not meet the requirements for false positives and false negatives. This paper studies the propagation model and containment techniques of the proactive P2P worm. Its three major contributions are as follows:
1. We propose a four factor proactive P2P worm propagation model. This paper indicates that four factors clearly affect the propagation of the proactive P2P worm: network topology, countermeasures taken by users and Internet Service Providers (ISPs), configuration diversity of network nodes, and attack/defense strategies. Based on these four factors, we propose a discrete time model and emphasize the quantitative analysis of the impact on proactive P2P worm propagation of the four factors and of changes in any parameter of the model. Experiments demonstrate that our four factor model simulates the behavior and propagation trend of the proactive P2P worm better than the other models. Moreover, this paper indicates that two methods can slow down the proactive P2P worm efficiently: increasing the configuration diversity of the network nodes and protecting the critical nodes from compromise.
2. This paper is an attempt to contain the proactive P2P worm with an auto authentication technique. The main idea of this technique is that worm propagation can be blocked by accurately authenticating the participants in P2P communication. The technique is independent of worm detection results and is able to thoroughly contain all known and unknown proactive P2P worms in real time, to the point of cutting off worm propagation entirely. This paper analyzes the principle, process and properties of this technique in detail. The analysis shows that our auto authentication technique is better than the other techniques in its real-time behavior and accuracy.
3. We design three secure protocols to implement the auto authentication technique. This paper elaborates on these three protocols and rigorously proves their security based on the Strand Space model. As a result, we conclude that these three protocols are able to resist common attacks.
【Key words】 Proactive P2P Worm; Four Factor Model; Auto Authentication; Secure Protocols; Strand Space Model;