Worm Containment in Peer-to-Peer Networks

Recently there have been increasing attentions on the security aspects in Peer-to-Peer (P2P) networks, especially with respect to worm epidemics. However, existing worm containment mechanisms can be largely ineffective due to the long delay exhibited in worm identification and patch generation. In this paper, we propose a new worm containment algorithm based on the concept of overlay partition, which can effectively quarantine worms into small and more manageable sub-networks. This algorithm relies on a simple anomaly detection which takes effect much faster than existing schemes. With ldquobridge linksrdquo, the alert of an anomaly can be disseminated faster than random scanning and dedicated worms. Further, in order to deal with false positives, we propose a granularity based clustering algorithm, called CAGA, which, through extensive simulation, is shown to realize better service sustenance during unnecessary partition caused by false positives and can effectively contain fast worms. Finally, we examine the effects of topologies and network dynamics.