P2P网络安全及防御技术研究综述

摘要/Abstract

摘要： 基于P2P网络的各类应用逐渐占据了互联网应用中的重要地位,其采用的分布式结构在提供可扩展性和灵活性的同时,也面临着巨大的安全风险和挑战。首先概述了P2P网络的基本概念与特点,并说明了P2P系统与传统C/S结构系统的区别；随后详细介绍了目前对P2P网络威胁和影响最大的3种攻击方法:Sybil攻击、Eclipse攻击和DDoS攻击,指出了3种攻击方法的联系与区别；最后分别概述了针对这3种攻击方法相应的防御措施。

关键词: P2P网络,Sybil攻击,Eclipse攻击,DDoS攻击

Abstract: The applications based on P2P networks have been playing an important role in the Internet．P2P networks with the distributed architecture are scalable and flexible while they are facing the enormous security challenges．This paper began with an overview of the concepts and features of the P2P network,and explained the difference between it and traditional C/S structure,then detailed the three popular methods of attack against the P2P networks:Sybil attack,Eclipse attacks and DDoS attack,and pointed out the relations and differences of the three kinds of attack,finally gave an overview of research on the defensive measures against the attacks.

Key words: P2P networks,Sybil attack,Eclipse attack,DDoS attack

刘悦,李强,李舟军. P2P网络安全及防御技术研究综述[J]. 计算机科学, 2013, 40(4): 9-13. https://doi.org/

LIU Yue,LI Qiang and LI Zhou-jun. Survey of P2P Network Security and Defense Mechanism[J]. Computer Science, 2013, 40(4): 9-13. https://doi.org/

参考文献

[1] Maymounkov P,Mazières D．Kademlia:A Peer-to-Peer Information System Based on the XOR Metric[C]∥the First International Workshop on Peer-to-Peer Systems(IPTPS’02)．2002:53-65
[2] Peer-to-Peer．http://en.wikipedia.org/wiki/Peer-to-Peer
[3] BitTorrent．http://www.bittorrent.org
[4] eMule．http://www.emule-project.net
[5] PPS．http://www.pps.tv
[6] PPLive．http://www.pplive.com
[7] Douceur J R．The Sybil attack[C]∥Proceedings of IPTPS’02．2002
[8] Chris,Wagner D．Secure routing in wireless senor networks:attacks and countermeasures[D]．Ad hoc Networks,2003
[9] Kamvar S D,Schlosser M T,Garcia-Molina H．The EigenTrust Algorithm for Reputation Management in P2P Networks[J]．ACM 1-58113-680-6,2003
[10] Seigneur J-M,Gray A,Jensen C D．Trust Transfer:Encouraging Self-Recommendations without Sybil Attack[C]∥The Third International Conference on Trust Management iTrust．2005
[11] Danezis G,Lesniewski-Lass C,Kaashoek M F,et al．Sybil-Re-sistant DHT Routing[C]∥Computer Security - ESORICS．2005
[12] Dinger J,Hartenstein H．Defending the Sybil Attack in P2PNetworks:Taxonomy,Challenges,and a Proposal for Self-Re-gistration[C]∥ARES’06:Proceedings of the first International Conference on Availability,Reliability and Security,2006
[13] Cornelli F,Damiani E,Samarati S．Implementing a reputation-aware gnutella servent[C]∥Proc．Intl Wkshp on Peer-to-Peer Computing．2002
[14] 王鹏,王琳,祝跃飞．在P2P网络下Sybil攻击的研究与防御[J]．微电子学与计算机,2006,23(4):162-165
[15] 胡玲玲,杨寿保,王菁．P2P网络中的Sybil攻击的防御机制[J]．计算机工程,2009,35(15):121-123
[16] Steiner M,En-Najjary T,Biersack E W．Exploiting KAD:Possible Uses and Misuses[J]．Computer Communication Review,2007,37(5)
[17] Singh,Ngan T,Druschel P,et al．Eclipse attacks on overlays:Threats and defenses[C]∥Proceedings of INFOCOM’06．2006
[18] Maccari L,Rosi M,Fantacci R,et al．Avoiding eclipse attacks on Kad/Kademlia:An identity based approach[C]∥Proceedings of the IEEE International Conference on Communications．Piscataway,USA:IEEE Press,2009
[19] Awerbuch B,Scheideler C．Towards a scalable and robust DHT[C]∥Proceedings of the 18^th Annual ACM Symposium on Parallelism in Algorithms and Architecture．New York,USA:Association for Computing Machinery,2006
[20] Castro M,Druschel P,Ganesh A,et al．Secure routing for structured Peer-to-Peer overlay networks[C]∥Proceeding of the 15^th Symposium on Operating Systems Design and Implementation．New York,Association for Computing Machinery,2002
[21] Hildrum K,Kubiatowicz J．Asymptotically efficient approaches to fault-tolerance in Peer-to-Peer networks[C]∥Proceedings of the 17^th International Symposium on Distributed Computing Lecture．Berlin,Germany:Springer-Verlag,2003
[22] Condie T,kacholia V,Sankaraman S,et al．Induced churn asshelter from routing table poisoning[C]∥Prodeedings of the 13^th Annual Network and Distributed System Security Sympo-sium．San Diego,USA:the Internet Society,2006
[23] Mirkovic J,Dietrich S,Dittrich D,et al.Internet Denial of Ser-vice:Attack and Defense Mechanisms[R]．Prentice Hall PTR．2004
[24] Sun X,Torres R,Rao S．DDoS Attacks by Subverting Membership Management in P2P Systems[C]∥NPSec．2007
[25] Athanasopoulos E,Anagnostakis K,Markatos E．Misusing Unstructured P2P systems to Perform DoS Attacks:The Network That Never Forgets[C]∥Proc．ACNS．2006
[26] Daswani N,Garcia-Molina H．Query-flood dos attacks in gnutellanetworks[C]∥ACM Conference on Computer and Communications Security．2002
[27] Liang Jian,Naoumov N,Ross K W．The Index Poisoning Attack in P2P File Sharing Systems[C]∥IEEE Conference on Compu-ter Communication．Barcelona,Spain,April 2006
[28] Liu Yun-hao,Liu Xiao-mei,Wang Chen,et al.Defending P2Ps from Overlay Flooding-based DDoS[C]∥ICPP 2007．2007
[29] Sia K C．DDoS Vulnerability Analysis of Bittorrent Protocol[R]．UCLA Tech．Report.Spring 2006
[30] Ranjan S,Swaminathanm R,Uysal M,et al．DDoS-ResilientScheduling to Counter Application Layer Attacks under Imperfect Detection[C]∥INFOCOM’06．2006
[31] Yu Jie,Li Zhou-jun,Chen Huo-wang,et al．A detection and offense mechanism to defend against application layer DDoS attacks[C]∥The Proceedings of the 3^rd International Conference on Networking and Services．2007
[32] Yu Jie,Fang Cheng-fang,Li Zhou-jun,et al．Mitigating Application Layer DDoS Attacks Via Leightweight and Effective Trust Management[J]．IET Communications,2010,4(16):1952-1962
[33] Yu Jie,Fang Cheng-fang,Lu Li-ming,et al．A LightweightMechanism to Mitigate Application Layer DDoS Attacks[C]∥The 4^th International ICST Conference on Scalable Information Systems(INFOSCALE’09)．Hong Kong,China,June 2009
[34] Yu Jie,Li Zhou-jun,Chen Xiao-ming．Misusing Kad protocol to perform DDoS attacks[C]∥The 6^th IEEE International Symposium on Parallel and Distributed Processing and Applications (ISPA’08)．Sydney,Austrilia,December 2008
[35] Walfish M,Vutukuru M,Balakrishnan H,et al．DDoS defense by offsense[C]∥The Proceedings of SIGCOMM’06．2006

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed