Verme: Worm Containment in Peer-to-Peer Overlays.

F. Freitas, R. Rodrigues, C. Ribeiro, P. Ferreira, and L. Rodrigues.

Proceedings of the 6th International Workshop on Peer-to-Peer Systems (IPTPS'07), Bellevue, WA, USA, February, 2007.

Abstract

Peer-to-peer overlays provide an ideal substrate for worm propagation. P2p-assisted worms have the potential to spread faster than traditional scanning worms because they have knowledge of a subset of the overlay nodes, and choose these nodes to propagate themselves; and also because they can avoid traditional detection mechanisms.

We present a novel approach for containing p2p-assisted worms based on the fact that some overlay nodes may not have common vulnerabilities, due to their platform diversity. By properly reorganizing the overlay graph, this can lead to the containment of p2p-assisted worms in small islands of nodes with common vulnerabilities that only have knowledge of themselves or nodes running on distinct platforms.

We present the design of Verme, a p2p overlay based on Chord that follows this approach, and we discuss several interesting issues that arise in Verme's design. We argue that this new overlay may help contain, or at least slow down, the propagation of p2p-assisted worms, and raise the difficulty level of writing them.
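The containment idea in the abstract can be checked with a small reachability model. This is an added example, not code from the paper or from Verme: it does not model Chord routing, and the two-platform ring, the section size, the fan-out and the function names are all assumptions chosen for illustration.

```python
import random
from collections import deque

def build_overlay(n, section, fanout, islands, rng):
    """Ring of n nodes; platform alternates every `section` consecutive ids."""
    platform = [(i // section) % 2 for i in range(n)]
    neighbours = []
    for i in range(n):
        if islands:
            # Same island, or any node on the other platform: never a
            # same-platform node from a different island.
            own = [j for j in range(n) if j // section == i // section and j != i]
            other = [j for j in range(n) if platform[j] != platform[i]]
            half = fanout // 2
            picks = rng.sample(own, half) + rng.sample(other, fanout - half)
        else:
            # Platform-oblivious baseline: any other node may be a neighbour.
            picks = rng.sample([j for j in range(n) if j != i], fanout)
        neighbours.append(picks)
    return platform, neighbours

def spread(platform, neighbours, start):
    """Nodes reached when a worm follows neighbour tables but can only
    infect peers that share the starting node's platform."""
    infected, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for peer in neighbours[node]:
            if platform[peer] == platform[start] and peer not in infected:
                infected.add(peer)
                queue.append(peer)
    return infected

def compare(n=512, section=16, fanout=8, seed=7, start=0):
    """Return (baseline_infected, island_infected) for the same parameters."""
    rng = random.Random(seed)
    base = spread(*build_overlay(n, section, fanout, False, rng), start)
    isle = spread(*build_overlay(n, section, fanout, True, rng), start)
    return base, isle

if __name__ == "__main__":
    base, isle = compare()
    print(f"baseline: {len(base)} infected, islands: {len(isle)} infected")
```

In the island layout the infected set can never leave the starting node's section, whatever the random seed, because every cross-section neighbour runs the other platform.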

Also available: extended report (pdf).


Luís Rodrigues