P2P worms, which exploit vulnerabilities to spread across peer-to-peer networks, are a serious security threat. Based on the characteristics of P2P worms, we propose a signature-behavior-based detection approach that detects known P2P worms by characteristic string matching and can also detect unknown P2P worms by their behavior. The method consists of three main components: application identification, worm characteristic string matching, and unknown worm detection. Characteristic string matching is implemented with the suffix array algorithm, a simple and efficient alternative to the suffix tree algorithm with lower time complexity. Because P2P data is transferred in fragments, a worm's characteristic string may be split across different data blocks; reassembling the characteristic string across blocks allows the worm to be detected. Experimental results show that the method is effective at detecting P2P worms and restraining their spread.
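An added illustration of the matching step the abstract describes, not the authors' implementation: a suffix array is built over the payload and binary-searched for each characteristic string, first per block and then over the reassembled stream. The signature, fragment contents and function names are constructed for this example, blocks are assumed to carry a byte offset with no gaps or overlaps, and the suffix array is built by naive sorting.

```python
def build_suffix_array(data: bytes) -> list[int]:
    # Naive construction: sort suffix start offsets by the suffix they begin.
    return sorted(range(len(data)), key=lambda i: data[i:])


def find_signature(data: bytes, sa: list[int], sig: bytes) -> int:
    """Binary-search the suffix array; return a match offset or -1."""
    if not sig:
        return -1
    lo, hi = 0, len(sa)
    while lo < hi:  # lower bound over suffixes truncated to len(sig)
        mid = (lo + hi) // 2
        if data[sa[mid]:sa[mid] + len(sig)] < sig:
            lo = mid + 1
        else:
            hi = mid
    if lo < len(sa) and data[sa[lo]:sa[lo] + len(sig)] == sig:
        return sa[lo]
    return -1


def reassemble(fragments: list[tuple[int, bytes]]) -> bytes:
    # Order blocks by byte offset and join them (assumes a contiguous stream).
    return b"".join(chunk for _, chunk in sorted(fragments))


def scan(data: bytes, signatures: dict[str, bytes]) -> dict[str, int]:
    """Return {signature name: offset} for every signature found in data."""
    sa = build_suffix_array(data)
    hits = {}
    for name, sig in signatures.items():
        offset = find_signature(data, sa, sig)
        if offset >= 0:
            hits[name] = offset
    return hits


# Constructed sample data: one signature split across two out-of-order blocks.
SIGNATURES = {"constructed-worm-A": b"WORM_SIG_EXAMPLE"}
FRAGMENTS = [(16, b"_SIG_EXAMPLE:end"), (0, b"p2p-block-0:WORM")]

if __name__ == "__main__":
    for offset, chunk in FRAGMENTS:
        print("block", offset, "->", scan(chunk, SIGNATURES))
    print("reassembled ->", scan(reassemble(FRAGMENTS), SIGNATURES))
```

Scanning each block on its own reports nothing, while the reassembled stream yields the signature at offset 12.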