P2P (peer to peer) worm detection method and device

A P2P worm detection technique, applied in the Internet field, that addresses three problems: worm traffic inside the internal network does not pass through the firewall, P2P worms are difficult to distinguish from normal P2P software, and the firewall cannot recognize encrypted or obfuscated worm content. It defends against known P2P worms and improves security.

Active Publication Date: 2014-09-10
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0003] 1. Since the P2P worm spreads within the internal network, its traffic does not pass through the firewall, so in this case the firewall is useless;
[0004] 2. Since P2P worms and normal P2P software use the same technology, it is difficult to distinguish P2P worms from normal P2P software;
[0005] 3. P2P worms often apply encryption and obfuscation to the file itself and to the communication content, which makes it impossible for the firewall to recognize them.


Examples


Example 1

[0092] Based on the first embodiment of the device for P2P worm detection of the present invention, the device also includes:

[0093] The setting module 40, which is used to set the scanning time, so that the ports of the hosts in the P2P network are scanned regularly according to that scanning time.

[0094] In this embodiment, before the firewall is used to scan host ports, the setting module 40 sets the scanning time, so that the firewall regularly scans the ports of the hosts in the P2P network according to it. The scanning time is the interval between the firewall's regular scans of host ports: once per interval, the firewall scans the hosts in the specified network segment of the P2P network.

[0095] Before using the firewall to scan the ports of the host, set the scan time so that the firewall scans the hosts in the specified network segment in the P2P network once per scan time interval, which furth...

Example 2

[0097] Based on the first and second embodiments of the device for P2P worm detection of the present invention, the device also includes:

[0098] The isolation and alarm module 50 is configured to isolate the host and give an alarm when it is determined that the host is infected with P2P worms.

[0099] When the host's response message is received and parsed, and its content matches the response message content recorded for the corresponding P2P worm in the worm database, the host is determined to be infected with the P2P worm. The isolation and alarm module 50 then isolates the host and raises an alarm, to prevent the host from quickly spreading P2P worms to other hosts through the security holes of other hosts in the P2P network, the P2P network file sharing function, resource sharing and so on, and thereby causing security threats.


Abstract

The invention discloses a P2P (peer to peer) worm detection method, which comprises: analyzing the features of P2P worms and constructing a worm feature library from the related information of the P2P worms; scanning whether a port of a host in a P2P network is open and, if it is open, sending a corresponding request message to the host according to the related information of the corresponding worm in the worm feature library; and, after a response message returned from the host is received, parsing the response message content to determine, according to the related information in the worm feature library, whether the host is infected with the P2P worm. The invention also discloses a P2P worm detection device. The method and device use active detection, which avoids the shortcomings of prior-art methods based on packet filtering and state detection, so that known P2P worms can be effectively defended against and the security of the intranet system can be improved.
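The active-detection flow in the abstract, together with the isolation and alarm step of module 50, can be sketched as follows. This is an added example, not code from the patent or from SANGFOR; the `WormFeature` fields, the two library entries, the ports and the `on_infected` hook are constructed placeholders, not real worm signatures.

```python
import re
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class WormFeature:
    name: str          # label of a known worm (constructed)
    port: int          # TCP port the worm's P2P listener is assumed to open
    request: bytes     # request message sent to a host with that port open
    response_re: bytes # pattern expected in an infected host's response

# Constructed placeholder entries standing in for the worm feature library.
FEATURE_LIBRARY = [
    WormFeature("EXAMPLE-WORM-A", 40001, b"HELLO v1\r\n",
                rb"^PEER-OK id=[0-9a-f]{8}"),
    WormFeature("EXAMPLE-WORM-B", 40002, b"\x01\x00PING", rb"^\x01\x00PONG"),
]

def tcp_exchange(host, port, request, timeout=2.0):
    """Send request; return reply bytes, or None if the port is not open."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            try:
                return s.recv(4096)
            except socket.timeout:
                return b""  # port open, but silent for this probe
    except OSError:
        return None

def check_host(host, library=FEATURE_LIBRARY, exchange=tcp_exchange):
    """Return names of library worms whose response pattern the host matched."""
    hits = []
    for feat in library:
        reply = exchange(host, feat.port, feat.request)
        if reply is None:  # port closed: no request message is sent
            continue
        # An open port alone proves nothing (normal P2P software listens
        # too); only the parsed response content decides.
        if re.search(feat.response_re, reply):
            hits.append(feat.name)
    return hits

def scan_segment(hosts, on_infected, **kw):
    """One scan pass over a segment; on_infected is the isolate/alarm hook."""
    infected = {}
    for host in hosts:
        worms = check_host(host, **kw)
        if worms:
            infected[host] = worms
            on_infected(host, worms)
    return infected
```

Running `scan_segment` once per configured scanning interval corresponds to the scheduled scan set by module 40; the `exchange` parameter lets the matching logic be exercised against recorded replies without touching the network.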

Description

Technical field

[0001] The invention relates to the technical field of the Internet, in particular to a P2P worm detection method and device.

Background

[0002] With the popularity of P2P (peer-to-peer) software, P2P worms have become one of the main threats to P2P network security. They use the security vulnerabilities of other hosts in the P2P network, the P2P network file sharing function, resource sharing and so on to spread quickly and covertly to other hosts. The design of the P2P network increases the speed of resource sharing, but it also speeds up the spread of worms. This speed enables P2P worms to infect a large number of hosts in a short period of time and to construct a huge botnet at the same time, which poses a great security threat to the existing network. To counter P2P worms, current firewall technology mainly detects whether the hosts in the network are infected with P2P worms by filtering the content of data packets ...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06, G06F17/30, H04L12/26, H04L29/08
Inventor: 郑权
Owner: SANGFOR TECH INC