Scalable stealth mode P2P overlays of very small constant degree

M. Jelasity, Vilmos Bilicki

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

P2P technology has recently been adopted by Internet-based malware as a fault tolerant and scalable communication medium. Due to its decentralized and self-organizing nature, P2P malware is harder to detect and block, especially if it utilizes specialized techniques for hiding. We analyze a number of hiding strategies through extensive and realistic simulations over a model of the AS-level Internet topology. We show that the most effective strategy to avoid detection is to drastically reduce the maximal number of peers a node communicates with. While overlay networks of a small constant maximal degree are generally considered to be unscalable, we argue that it is possible to design them to be scalable, efficient, and robust. An important implication is that stealth mode P2P malware that is very difficult to discover with state-of-the-art methods is a plausible threat. We discuss algorithms and theoretical results that support the scalability of stealth mode overlays, and we present realistic event-based simulations of a proof-of-concept system. Besides the context of P2P malware, some of our results are of general interest in the area of constant degree overlays in connection with the problem of how to maintain reasonable performance and reliability with the smallest degree possible.

Original language: English
Article number: 27
Journal: ACM Transactions on Autonomous and Adaptive Systems
Volume: 6
Issue number: 4
DOIs: 10.1145/2019591.2019596
Publication status: Published - Oct 2011

Fingerprint

  • Internet
  • Overlay networks
  • Scalability
  • Topology
  • Malware
  • Communication

Keywords

  • Algorithms
  • Experimentation
  • Reliability
  • Security
  • Theory

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science (miscellaneous)
  • Software

Cite this

Scalable stealth mode P2P overlays of very small constant degree. / Jelasity, M.; Bilicki, Vilmos.

In: ACM Transactions on Autonomous and Adaptive Systems, Vol. 6, No. 4, 27, 10.2011.

@article{e20dd975edbf4346a79f821e6432b171,
title = "Scalable stealth mode P2P overlays of very small constant degree",
abstract = "P2P technology has recently been adopted by Internet-based malware as a fault tolerant and scalable communication medium. Due to its decentralized and self-organizing nature, P2P malware is harder to detect and block, especially if it utilizes specialized techniques for hiding. We analyze a number of hiding strategies through extensive and realistic simulations over a model of the AS-level Internet topology. We show that the most effective strategy to avoid detection is to drastically reduce the maximal number of peers a node communicates with. While overlay networks of a small constant maximal degree are generally considered to be unscalable, we argue that it is possible to design them to be scalable, efficient, and robust. An important implication is that stealth mode P2P malware that is very difficult to discover with state-of-the-art methods is a plausible threat. We discuss algorithms and theoretical results that support the scalability of stealth mode overlays, and we present realistic event-based simulations of a proof-of-concept system. Besides the context of P2P malware, some of our results are of general interest in the area of constant degree overlays in connection with the problem of how to maintain reasonable performance and reliability with the smallest degree possible.",
keywords = "Algorithms, Experimentation, Reliability, Security, Theory",
author = "M. Jelasity and Vilmos Bilicki",
year = "2011",
month = "10",
doi = "10.1145/2019591.2019596",
language = "English",
volume = "6",
journal = "ACM Transactions on Autonomous and Adaptive Systems",
issn = "1556-4665",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

TY - JOUR

T1 - Scalable stealth mode P2P overlays of very small constant degree

AU - Jelasity, M.

AU - Bilicki, Vilmos

PY - 2011/10

Y1 - 2011/10

AB - P2P technology has recently been adopted by Internet-based malware as a fault tolerant and scalable communication medium. Due to its decentralized and self-organizing nature, P2P malware is harder to detect and block, especially if it utilizes specialized techniques for hiding. We analyze a number of hiding strategies through extensive and realistic simulations over a model of the AS-level Internet topology. We show that the most effective strategy to avoid detection is to drastically reduce the maximal number of peers a node communicates with. While overlay networks of a small constant maximal degree are generally considered to be unscalable, we argue that it is possible to design them to be scalable, efficient, and robust. An important implication is that stealth mode P2P malware that is very difficult to discover with state-of-the-art methods is a plausible threat. We discuss algorithms and theoretical results that support the scalability of stealth mode overlays, and we present realistic event-based simulations of a proof-of-concept system. Besides the context of P2P malware, some of our results are of general interest in the area of constant degree overlays in connection with the problem of how to maintain reasonable performance and reliability with the smallest degree possible.

KW - Algorithms

KW - Experimentation

KW - Reliability

KW - Security

KW - Theory

UR - http://www.scopus.com/inward/record.url?scp=84859415104&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84859415104&partnerID=8YFLogxK

U2 - 10.1145/2019591.2019596

DO - 10.1145/2019591.2019596

M3 - Article

VL - 6

JO - ACM Transactions on Autonomous and Adaptive Systems

JF - ACM Transactions on Autonomous and Adaptive Systems

SN - 1556-4665

IS - 4

M1 - 27

ER -