Journal of Zhejiang University SCIENCE C, Volume 11, Issue 2, pp 119–129

Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks

  • Xiao-song Zhang
  • Ting Chen
  • Jiong Zheng
  • Hua Li


It is universally acknowledged by network security experts that proactive peer-to-peer (P2P) worms may soon pose serious threats to Internet infrastructure. These latent threats motivate the modeling and analysis of proactive P2P worm propagation. Based on the classical two-factor model, in this paper we propose a novel proactive worm propagation model for unstructured P2P networks (called the four-factor model) that considers four factors: (1) network topology, (2) countermeasures taken by Internet service providers (ISPs) and users, (3) configuration diversity of nodes in the P2P network, and (4) attack and defense strategies. Simulations and experiments show that proactive P2P worms can be slowed down in two ways: improving the configuration diversity of the P2P network and using powerful rules to protect the most connected nodes from being compromised. The four-factor model provides a better description and prediction of proactive P2P worm propagation.

Key words

Proactive peer-to-peer (P2P) worm propagation modeling; Network topology; Configuration diversity; Attack and defense strategies; Four-factor model

CLC number

TP309.5 TP393.08 





Copyright information

© Springer-Verlag Berlin Heidelberg and “Journal of Zhejiang University Science” Editorial Office 2010

Authors and Affiliations

  • Xiao-song Zhang (1)
  • Ting Chen (1)
  • Jiong Zheng (1)
  • Hua Li (2)

  1. School of Computer Science & Engineering, University of Electronic Science and Technology of China, Chengdu, China
  2. Unit 78155 of People’s Liberation Army, Chengdu, China
