By Topic

A Signature-Behavior-Based P2P Worm Detection Approach

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Yu Yao ; Key Lab. of Med. Image Comput., Northeastern Univ., Shenyang, China ; Yong Li ; Fu-Xiang Gao ; Ge Yu

P2P worm based on loopholes spreading in peer-to-peer network is a serious security threat. According to the characteristics of P2P worms, a signature-behavior-based P2P worm detection approach detecting the known P2P worm based on characteristic string matching is proposed. In addition, this method can also detect unknown P2P worms based on behavior. This method is mainly composed of the technology of application identification, the technology of worm characteristic string matching and unknown worm detection technology. A simple and efficient, with lower time complexity of alternative suffix tree algorithm - suffix array algorithm implements matching the characteristic string of worms. Because P2P data have fragment transfer mechanism, the worm characteristic string has the chance to be assigned to different data blocks. Besides, reorganization of characteristic string can detect the worm. Experimental results show that the P2P worm detection method is an effective way to detect P2P worms and restrain its spread.

Published in:

Hybrid Intelligent Systems, 2009. HIS '09. Ninth International Conference on  (Volume:2 )

Date of Conference:

12-14 Aug. 2009