P2P worm detection based on application identification

摘要

P2P worm exploits common vulnerabilities and spreads through peer-to-peer networks. Despite being recognized as a potential and deadly threat to the Internet recently, few relevant countermeasures are found in extant literature. Once it breaks out, a P2P worm could result in unpredictable losses. Based on propagation characteristics of the worm, this paper presents a detection method called PWD (P2P Worm Detection), which is designed based on application identification and unknown worm detection. Simulation result and LAN-environment experiment result both indicate that PWD is an effective method to detect and block P2P worms.