Passive Worm and Malware Detection in Peer-to-Peer Networks

Fahimian, Sahar | 2010

  1. Type of Document: M.Sc. Thesis
  2. Language: English
  3. Document No: 40690 (52)
  4. University: Sharif University of Technology, International Campus, Kish Island
  5. Department: Science and Engineering
  6. Advisor(s): Kharrazi, Mehdi
  7. Abstract: Due to the advantages of Peer-to-Peer (P2P) networks, many internet users use them for content distribution. These systems may be categorized as Centralized, Pure, and Hybrid. Gnutella is a heavily decentralized and unstructured file-sharing P2P network that is responsible for a good part of the traffic on the internet. These P2P networks are at risk of many security threats from internet worms. Internet worms and their threats are a major concern to the networking community. In this thesis we concentrate on passive non-scanning worms and propose a novel approach to detect such worms. As part of our work, we collected data from the Gnutella network with the IR-WIRE crawler for 12 days and measured the popularity of files. We then selected the top 55 popular files between the first and last day of our capture based on their hash values and show that we are able to detect passive worms and malware correctly. To the best of our knowledge, this is the first work on worm detection that employs hash values and file availability for this purpose.
  8. Keywords: Peer-to-Peer Network ; Kermanshah City ; Internet Worms ; Malwares ; Worm Detection ; Popularity
