{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:50:23Z","timestamp":1750308623260,"version":"3.41.0"},"reference-count":41,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2011,10,1]],"date-time":"2011-10-01T00:00:00Z","timestamp":1317427200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Auton. Adapt. Syst."],"published-print":{"date-parts":[[2011,10]]},"abstract":"<jats:p>P2P technology has recently been adopted by Internet-based malware as a fault tolerant and scalable communication medium. Due to its decentralized and self-organizing nature, P2P malware is harder to detect and block, especially if it utilizes specialized techniques for hiding. We analyze a number of hiding strategies through extensive and realistic simulations over a model of the AS-level Internet topology. We show that the most effective strategy to avoid detection is to drastically reduce the maximal number of peers a node communicates with. While overlay networks of a small constant maximal degree are generally considered to be unscalable, we argue that it is possible to design them to be scalable, efficient, and robust. An important implication is that stealth mode P2P malware that is very difficult to discover with state-of-the-art methods is a plausible threat. We discuss algorithms and theoretical results that support the scalability of stealth mode overlays, and we present realistic event-based simulations of a proof-of-concept system. Besides the context of P2P malware, some of our results are of general interest in the area of constant degree overlays in connection with the problem of how to maintain reasonable performance and reliability with the smallest degree possible.<\/jats:p>","DOI":"10.1145\/2019591.2019596","type":"journal-article","created":{"date-parts":[[2011,10,27]],"date-time":"2011-10-27T13:17:37Z","timestamp":1319721457000},"page":"1-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Scalable Stealth Mode P2P Overlays of Very Small Constant Degree"],"prefix":"10.1145","volume":"6","author":[{"given":"M\u00e1rk","family":"Jelasity","sequence":"first","affiliation":[{"name":"University of Szeged and Hungarian Academy of Sciences"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vilmos","family":"Bilicki","sequence":"additional","affiliation":[{"name":"University of Szeged"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,10]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_2_1_1_1","DOI":"10.1145\/1162666.1162668"},{"doi-asserted-by":"publisher","key":"e_1_2_1_2_1","DOI":"10.1002\/1098-2418(200007)16:4%3C369::AID-RSA6%3E3.0.CO;2-J"},{"volume-title":"OARC Workshop.","year":"2005","author":"Dagon D.","key":"e_1_2_1_3_1"},{"volume-title":"Proceedings of the 1st USENIX Workshop on Hot Topics in Understanding Botnets (HotBots).","author":"Grizzard J.","key":"e_1_2_1_4_1"},{"volume-title":"Proceedings of the 17th USENIX Security Symposium (Security).","author":"Gu G.","key":"e_1_2_1_5_1"},{"volume-title":"Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX Association","author":"Holz T.","key":"e_1_2_1_6_1"},{"unstructured":"Hyun Y. Huffaker B. Andersen D. Aben E. Luckie M. Claffy K. and Shannon C. 2008. The IPv4 Routed \/24 AS Links Dataset -- 2008-01-02. http:\/\/www.caida.org\/data\/active\/ipv4_routed_topology_aslinks_dataset.xml. Hyun Y. Huffaker B. Andersen D. Aben E. Luckie M. Claffy K. and Shannon C. 2008. The IPv4 Routed \/24 AS Links Dataset -- 2008-01-02. http:\/\/www.caida.org\/data\/active\/ipv4_routed_topology_aslinks_dataset.xml.","key":"e_1_2_1_7_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_8_1","DOI":"10.1145\/1298306.1298349"},{"volume-title":"Graption: Automated detection of P2P applications using traffic dispersion graphs (TDGs). Tech. rep. UCR-CS-2008-06080, Department of Computer Science and Engineering","year":"2008","author":"Iliofotou M.","key":"e_1_2_1_9_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_10_1","DOI":"10.1007\/11734697_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_11_1","DOI":"10.1007\/978-3-642-05118-0_28"},{"volume-title":"Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX. http:\/\/www.usenix.org\/events\/leet09\/tech\/.","author":"Jelasity M.","key":"e_1_2_1_12_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_13_1","DOI":"10.1145\/1082469.1082470"},{"doi-asserted-by":"publisher","key":"e_1_2_1_14_1","DOI":"10.1145\/1275517.1275520"},{"doi-asserted-by":"publisher","key":"e_1_2_1_15_1","DOI":"10.1016\/j.comnet.2009.03.013"},{"volume-title":"Local Search in Combinatorial Optimization","author":"Johnson D. S.","key":"e_1_2_1_16_1"},{"volume-title":"Proceedings of the 2nd International Workshop on Peer-to-Peer Systems (IPTPS).","author":"Kaashoek M. F.","key":"e_1_2_1_17_1"},{"volume-title":"Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX Association","author":"Kanich C.","key":"e_1_2_1_18_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_19_1","DOI":"10.1109\/TPDS.2003.1189583"},{"doi-asserted-by":"publisher","key":"e_1_2_1_20_1","DOI":"10.1145\/335305.335325"},{"doi-asserted-by":"publisher","key":"e_1_2_1_21_1","DOI":"10.1038\/449287a"},{"doi-asserted-by":"publisher","key":"e_1_2_1_22_1","DOI":"10.1109\/DSN.2006.4"},{"doi-asserted-by":"publisher","key":"e_1_2_1_23_1","DOI":"10.1016\/j.jss.2007.01.014"},{"volume-title":"Proceedings of the 15th IEEE International Symposium on High Performance Distributed Computing (HPDC). 7--17","author":"Le Merrer E.","key":"e_1_2_1_24_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_25_1","DOI":"10.1109\/COMST.2005.1610546"},{"doi-asserted-by":"publisher","key":"e_1_2_1_26_1","DOI":"10.1145\/571825.571857"},{"volume-title":"Proceedings of the 4th USENIX Symposium on Internet Technologies and Systems (USITS).","author":"Manku G. S.","key":"e_1_2_1_27_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_28_1","DOI":"10.1145\/1007352.1007368"},{"volume-title":"Proceedings of the 22nd Symposium on Reliable Distributed Systems (SRDS). 47--55","author":"Massouli\u00e9 L.","key":"e_1_2_1_29_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_30_1","DOI":"10.1016\/j.jpdc.2008.07.011"},{"volume-title":"Proceedings of the 9th IEEE International Conference on Peer-to-Peer Computing (P2P). IEEE","author":"Montresor A.","key":"e_1_2_1_31_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_32_1","DOI":"10.1007\/978-3-540-30183-7_26"},{"doi-asserted-by":"publisher","key":"e_1_2_1_33_1","DOI":"10.1109\/SURV.2008.080406"},{"volume-title":"Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET).","author":"Porras P.","key":"e_1_2_1_34_1"},{"volume-title":"Proceedings of the 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI).","author":"Ramachandran A.","key":"e_1_2_1_35_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_36_1","DOI":"10.1109\/TNET.2008.2009053"},{"volume-title":"Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET).","year":"2009","author":"Stern H.","key":"e_1_2_1_37_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_38_1","DOI":"10.1145\/383059.383071"},{"volume":"36","volume-title":"Advances in Information Security Series","author":"Strayer W. T.","key":"e_1_2_1_39_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_40_1","DOI":"10.1145\/1177080.1177105"},{"doi-asserted-by":"publisher","key":"e_1_2_1_41_1","DOI":"10.1109\/CONECT.2004.1375206"}],"container-title":["ACM Transactions on Autonomous and Adaptive Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2019591.2019596","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2019591.2019596","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:07:42Z","timestamp":1750273662000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2019591.2019596"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,10]]},"references-count":41,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2011,10]]}},"alternative-id":["10.1145\/2019591.2019596"],"URL":"https:\/\/doi.org\/10.1145\/2019591.2019596","relation":{},"ISSN":["1556-4665","1556-4703"],"issn-type":[{"type":"print","value":"1556-4665"},{"type":"electronic","value":"1556-4703"}],"subject":[],"published":{"date-parts":[[2011,10]]},"assertion":[{"value":"2010-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-10-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}