Fast quarantining of proactive worms in unstructured P2P networks

P2P worms pose a serious threat to Internet infrastructure and terminal users because of their overwhelming propagation speed. Manual reactions fall behind the fast propagation of P2P worms. Current automatic techniques are still not adequate to be deployed on a large scale for several challenges including low accuracy, low efficiency, etc. In this paper, we bring forward a repair-and-patch approach to quarantine malicious worms quickly in unstructured P2P networks. Our work has two major contributions. Firstly, we propose two kinds of benign worms, which differ in functions and spread strategies, to cooperatively battle against malicious worms. Secondly, we derive discrete difference equations to depict the interplay between malicious and benign worms. Four factors — manual countermeasures, P2P topology, configuration diversity and attack and defense strategies — are modeled in the equations. Preliminary experiments are promising. Compared with sheer manual reactions, our approach is about two times faster and protects about 35% more hosts. In comparison with benign worms, which search targets by random scanning, our proposed method guards about 34.4% more hosts with lower consumption of bandwidth resources.