Super node Selection For

Efficient Patch Distribution In

P2P Networks
Manoj Piyumal De Silva - 138207H
Supervised by: Dr. Dilum Bandara

Outline

Background Computer worms

Traditional patch distribution vs P2P patch distribution
Existing P2P patch distribution mechanisms
Research problem
Super-peer selection and Existing super-peer selection
protocols
Our super-peer selection approach.

Computer worms

A computer worm is a malicious program that selfpropagates across a network by exploiting security
flaws in widely used services [15].

Computer worms do not require user intervention for

propagation as computer viruses.

A worm can be used to capture sensitive information

of users of compromised hosts or can be used for
other attacks such as distributed denial service of
attacks (DDoS).

Most worm attacks exploited vulnerabilities after the

vulnerability of a service has been disclosed [4], [17].

Disk containing the

source code for the
Morris Worm the first
worm ever
[wikipedia.org]

How Fast worm can spread

Time between the patch release and the

worm appearance is decreasing and some
worms appeared even before the patch
release such as the ANI worm [17]

CodeRed infected more than 35,900 hosts

within 14 hours in 2001 and made a
damage of about a $2.6 billion in 2001[16].

Slammer infected more than 90 percent of

vulnerable hosts in less than ten minutes
[16], [4]
Good thing is, worms do not destroy the
infected host during the propagation phase
because it may disrupt its propagation [15]

Propagation of Code-Red (v2) worm [4]

P2P worms
Worms, which use P2P topological information or,
vulnerabilities of P2P software for propagation are known
as P2P worms.
P2P worms spread faster than normal worms since;
They do not need to scan for IP address, because next targets are
readily available as P2P neighbor information.
Rich node connectivity of P2P network makes any node can be
reached from any other node within few hops (i.e. average
distance any two hosts in P2P network is short[13]).

Some examples are Gnuman, VBS.Gnutella, and Fizzer

[10].

Outline

Background Computer worms

Traditional patch distribution vs P2P patch distribution
Existing P2P patch distribution mechanisms
Research problem
Super-peer selection and Existing super-peer selection
protocols
Our super-peer selection approach.

Traditional Patch distribution process

Traditional Solution is to use fixed number of patch servers to
distribute the security patch.
Patching with fixed number of patch server is not scalable and
not fast enough when compared with the speed of the worm
spread [2], [4].
Shakkottai and Srikant [4] analytically showed that with fixed
number of patch servers and with a well-designed worm,
maximum number of infections is (N), where N is the number
of hosts in the vulnerable population.

P2P based patch distribution

P2P patch distribution mechanism provides a fast, scalable and
cost effective way when compared with central server based
patch distribution mechanism[2], [4].
Shakkottai and Srikant [4] analytically showed that P2P patch
distribution approach can defend against worms effectively and
can disinfect the whole system with in (ln N) time.
Gkantsidis et al. [2] characterized Windows Update and They
demonstrated that the P2P approach has a great potential for
providing fast and scalable patch delivery mechanism.

Outline

Background Computer worms

Traditional patch distribution vs P2P patch distribution
Existing P2P patch distribution mechanisms
Research problem
Super-peer selection and Existing super-peer selection
protocols
Our super-peer selection approach.

Existing P2P patch distribution mechanisms (1)

Xie and Zhu [1] proposed two P2P patch distribution
approaches which use an existing P2P network.
Partition-based approach
Connected Dominating Set (CDS) based approach

In both their approaches security servers needs to be

deployed in the P2P network. Security servers selects
subset of nodes (known as key nodes or guardian nodes)
from the P2P network to distribute the patch first.

Existing P2P patch distribution mechanisms (2)

Partition-based approach

Existing P2P patch distribution mechanisms (3)

Connected Dominating Set (CDS) based approach

Existing P2P patch distribution mechanisms (4)

Xie et al [8] also proposed methods to use existing P2P
file sharing infrastructure to distribute the security patch
Peers exchange their latest patch version when exchanging files.
They exchange the patch as regular P2P file transfer
If an infected file is found during a P2P download and the patch is
available for that infection, downloading peer notify about the
patch to all peers which owns this particular infected file.

Other Approaches
How to retain the privacy when distributing the security patches
through P2P networks [5].
Using benign worms to clean malicious worms [13], [17].
Benign worms are not malicious they propagate as ordinary worms
but they are designed to clean malicious worms.
Not ethical since benign worms access hosts without proper
permission
Benign worm introduce significant network traffic when propagation.

Transferring the patch through the social networks to protect

hosts in P2P network[18].

Our approach: Super-peer Based P2P Patch

Distribution
P
P
P

The Problem
Select a set of super-peers from the unstructured P2P overlay
network, in distributed manner, to implement an efficient and
scalable patch distribution mechanism.
These selected super-peers must be;

High capable and stable

Needs to be selected dynamically
Trustworthy
Every non-super-peer needs to have low latency access to at least
one super-peer
The ratio of super-peer to non-super-peer must be controllable not to
overload the central patch servers

Outline

Background Computer worms

Traditional patch distribution vs P2P patch distribution
Existing P2P patch distribution mechanisms
Research problem
Super-peer selection and Existing super-peer selection
protocols
Our super-peer selection approach.

Super-peer selection
Super-peer selection involves selecting subset of nodes
from the P2P network to serve a special role .
Lo et al. [6] specified factors which needs to be fulfilled by
super-peers in P2P networks.
Distribution factors.

Access
Dispersal
Proportion
Load Balance

P2P factors.
Heterogeneity
Adaptability to churn
Security

Existing Unstructured Super-peer selection protocols

H2O [6] - an advertisement based protocol for
unstructured P2P networks
Potential super-peers advertise their capability
Other peers select super-peers according to their local policy
Only the peers which own security certificate issued by the central
authority can become the super-peers.

Existing Unstructured Super-peer selection protocols

Gnutella super-peer selection protocol [23]
Any peer can promote itself as a super-peer if it fulfills the
following factors [6]:

it has been up for at least five minutes

it has high network bandwidth
possesses sufficient processing power
runs on an OS, which can handle large number of simultaneous
TCP connections
it is not behind a firewall or a NAT gateway

Existing Unstructured Super-peer selection protocols

Trust-based super node selection [20]
High capability peers can become super-peers freely.
Leaf peers select super-peers from most trusted super-peers.
Trust is calculated by combining two trust metrics;
Proxy Request Trust (PRqT)- how much of trust the leaf peer can place on the
super-peer when forwarding its requests.
Proxy Response Trust (PRsT) - how much of trust the leaf peer can place on the
super-peer, when super-peer gives responses to other peers on behalf of this
particular leaf peer
Do not specify exactly how to calculate PRqT or PRsT.

No mechanism to control proportion of super-peers.

Dispersion or the low latency access from non-super-peers to superpeers is not considered.

Outline

Background Computer worms

Traditional patch distribution vs P2P patch distribution
Existing P2P patch distribution mechanisms
Research problem
Super-peer selection and Existing super-peer selection
protocols
Our super-peer selection approach.

How this research is different from others?

There are several patch distribution mechanisms in literature,
which use this kind subset of nodes (i.e. super-peers) for P2P
patch distribution [1], [8], [14].
In [1] super-peers are selected using a central server and
heterogeneity is not taken in to account.
In [8] they use existing super-peers in P2P file sharing network which
do not satisfy trust, dispersion and proportion of super-peer selection
requirements.
[14] does not mention about how they select super-peers

Non of the existing super-peer selection protocols for

unstructured networks does not satisfy the required criteria
mentioned in the problem statement.

Our Solution (1)

Contains of Three Steps
Protocol initiation
Calculating the score of the super-peer by individual leaf-peers
Voting for super-peer

Protocol initiation
Any peer who is not satisfied with current super-peers can initiate
the protocol if it is capable of performing as a super-peer.
It can flood a advertisement message through the network, to
notify other peers about its capability to perform as a super-peer

Our Solution (2)

Calculating score of super-peers
Score of a super-peer depends on following factors.
B - Bandwidth of the super-peer to satisfy the capability requirement
P - Processing power of the super-peer - to satisfy the capability
requirement
S - Stability of the super-peer - to satisfy the capability requirement
D - Latency from leaf-peer to super-peer- to satisfy the super-peer
dispersal requirement
T - Trust-worthiness of the super-peer- to suppress malicious superpeers

Our Solution (3)

Calculating score of super-peers
Super-peer Score = C1*.B + C2*P + C3*S+ C4*(1/D) + C5*T
C1 , C2 ,C3 , C4 , C5 , are constants.

Voting for a super-peer

If the calculated score exceeds any of current super-peers of the leafpeer, leaf peer will vote for the upcoming super-peer
This vote can be flooded through the network to notify to whom
interested.
Or vote of a particular super-peer can be send to another existing superpeer, which coordinate with the central server to promote the upcoming
super-peer to a through super-peer.

Objectives
Contains

THANK YOU !

References
[[1]
Liang Xie; Sencun Zhu, "A Feasibility Study on Defending Against Ultra-Fast Topological Worms,"
in Peer-to-Peer Computing, 2007. P2P 2007. Seventh IEEE International Conference on, Washington, Sept.
2007, pp. 61-70.
[2]
Christos Gkantsidis, Thomas Karagiannis, Pablo Rodriguez, and Milan Vojnovic, "Planet scale
software updates," in Proc. of ACM SIGCOMM 06, Pisa, Italy, August 2006.
[3]
Eng Keong Lua; Crowcroft, J.; Pias, M.; Sharma, R.; Lim, S, "A survey and comparison of peer-topeer network schemes," in Communications Surveys & Tutorials, IEEE, Second Quarter 2005, pp. 72-93.
[4]
Shakkottai, S. ; Srikant, R., "Peer to Peer Networks for Defense Against Internet Worms," in
Selected Areas in Communications, IEEE Journal on, vol. 3, December 2007, pp. 1745,1752.
[5]
Di Wu; Cong Tang; Dhungel, P.; Saxena, N.; Ross, K.W., "On the Privacy of Peer-Assisted
Distribution of Security Patches," in Peer-to-Peer Computing (P2P), 2010 IEEE Tenth International Conference
on, Aug. 2010, pp. 1,10.
[6]
Lo, V.; Dayi Zhou; Yuhong Liu; GauthierDickey, C.; Jun Li, "Scalable Supernode Selection in Peerto-peer Overlay Networks," in Hot Topics in Peer-to-Peer Systems, 2005. HOT-P2P 2005. Second
International Workshop on , July 2005, pp. 18,25.
[7]
Seung Chul Han; Xia, Y., "Optimal leader election scheme for peer-to-peer applications," in
Networking, 2007. ICN '07. Sixth International Conference on, April 2007.

References
[8]
Xie, Liang, Song, Hui and Zhu, Suncun, "On The Effectiveness of Internal Patching Against FileSharing Worms," in Applied Cryptography and Network Security.: Springer Berlin Heidelberg, 2008, pp. 120.
[9]
A. S. Tanenbaum and M. V. Steen, Distributed systems: principles and paradigms, 2nd ed., 2006.
[10]
L. Zhou, L. Zhang, F. McSherry, N. Immorlica, M. Costa, and S. Chien., "A first look at peer-to-peer
worms: threats and defenses," in Proceedings of the 4th International Conference on Peer-to-Peer Systems.
Ithaca, NY: Springer-Verlag, 2005, pp. 24-35.
[11]
Li Xiong; Ling Liu, "PeerTrust: supporting reputation-based trust for peer-to-peer electronic
communities," in Knowledge and Data Engineering, IEEE Transactions on, July 2004, pp. 843,857.
[12]
S.D. Kamvar, M.T. Schlosser, and H. Garcia-Molina, "The Eigentrust Algorithm for Reputation
Management in P2P Networks," in Proceedings of the 12th International Conference on World Wide Web.
Budapest, Hungary: ACM, 2003, pp. 640651.
[13]
T. Chen, X. Zhang, H. Li, X. Li, Y. Wu, "Fast quarantining of proactive worms in unstructured P2P
networks," J. Netw. Comput. Appl., vol. 34, no. 5, pp. 1648-1659, September 2011.
[14]
M. VojnoviC, A. Ganesh, "On the Effectiveness of Automatic Patching," in Proceedings of the 2005
ACM Workshop on Rapid Malcode. Fairfax, VA, USA: ACM, 2005, pp. 41-50.
[15]
N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, "A taxonomy of computer worms," in
Proceedings of the 2003 ACM Workshop on Rapid Malcode. Washington, DC, USA: ACM, 2003, pp. 11-18.

References
[16]
G. Chen and Robert S. Gray, "Simulating Non-Scanning Worms on Peer-to-Peer Networks," in
Proceedings of the 1st International Conference on Scalable Information Systems. Hong Kong: ACM, 2006,
pp. 29-41.
[17]
Chunfu Jia, Xin Liu, Zhichao Hu, Guoyou Liu, Zhi Wang, "Defending P2P Networks against
Malicious Worms Based on Benign Worms," in Advances in Electric and Electronics.: Springer Berlin
Heidelberg, 2012, vol. 155, pp. 653-660.
[18]
Liu Xin, Xin Zhaojun and Shi Leyi, "Automatic Patching Based on Social Computing in P2P
Network," in Emerging Intelligent Data and Web Technologies (EIDWT), 2013 Fourth International Conference
on, Sept, 2013, pp. 471-478.
[19]
Beverly Yang, B. and Garcia-Molina, H, "Designing a Super-Peer Network," in 19th International
Conference on Data Engineering, 2003. Proceedings, IEEE, 2003, pp. 49-60.
[20]
Yu Jin; Yan Liu; Hongwu Zhao, "Trust-based supernode selection in peer-to-peer systems," in
Future Computer and Communication (ICFCC), 2010 2nd International Conference on, May 2010, pp. 285289.
[21]
Doval, D.; O'Mahony, D., "Overlay networks: A scalable alternative for P2P," in Internet Computing,
IEEE, 2003, pp. 79,82.

References
[22]
Dan S. Wallach, "A survey of peer-to-peer security issues," in Proceedings of the 2002 Mext-NSFJSPS International Conference on Software Security: Theories and Systems. Tokyo, Japan: Springer-Verlag,
2003, pp. 42-57.
[23]
Stutzbach, D.; Rejaie, R.; Sen, S, "Characterizing Unstructured Overlay Topologies in Modern P2P
File-Sharing Systems," in Networking, IEEE/ACM Transactions on, April 2008, pp. 267,280.
[24]
Stoica, I.; Morris, R.; Liben-Nowell, D.; Karger, D.R.; Kaashoek, M.F.; Dabek, F.; Balakrishnan, H.,
"Chord: a scalable peer-to-peer lookup protocol for Internet applications," in Networking, IEEE/ACM
Transactions on, Feb 2003, pp. 17,32.

Trust Calculation
Any peer in the network calculates the trust or the reputation of
other peers, it has dealt with.
Upon completion of a transition, peers can rate each other, and
this rating value will be either -1 or +1; where -1 is being an
unsatisfied transition and +1 being a successful satisfied transition.

Ti,j = ( tri,j)/ Ni,j

When calculating the trust of a super-peer, a leaf peer will use the
trust placed on the super-peer by itself and the other peers.
The final aggregated trust value T, of super-peer s, at the leaf-peer
l, is given by;
T= Tl,s + (Tl,i*Ti,s)

Existing P2P patch distribution mechanisms

Xie et al [8] also proposed methods to use existing P2P
file sharing infrastructure to distribute the security patch
Key nodes ( subset of P2P node) pull the security patch from the
server and distribute to other nodes.
Two approaches to select key nodes,
Download based approach key nodes are the nodes who provide higher
number of download to others.
Search based approach key nodes are nodes who perform higher number of
downloads