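| Graduate student: | 王文源 Wen-Yuan Wang |
|---|---|
| Thesis title: | 偵測電腦病蟲的感測器之擺置方式 Sensor Placement for Worm Detection |
| Advisor: | 張正尚 Prof. Cheng-Shang Chang |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Communications Engineering |
| Year of publication: | 2004 |
| Academic year of graduation: | 92 |
| Language: | Chinese |
| Number of pages: | 40 |
| Chinese keywords: | worm, dominating set, distance-k dominating set, structured peer-to-peer system, Chord, CAN |
| Foreign-language keywords: | computer worm, dominating set, k-dominating set, structured peer-to-peer system |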
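A computer worm is malicious code that can replicate itself and propagate on its own across the Internet. With the Internet as developed as it is today, computer worms are ubiquitous, even rampant, and cause great inconvenience to computer users. The first step in fighting computer worms is therefore to detect their presence as early as possible. In this thesis, we propose principles and recommendations for the placement of sensors used to detect computer worms.
As peer-to-peer systems flourish on the Internet, we firmly believe that future computer worms designed around software vulnerabilities in structured peer-to-peer systems will pose an even greater threat to Internet users. Based on this consideration, the problem studied in this thesis is how to place worm-detection sensors in a network whose structure has a specific topology. To this end, we introduce the concept of the k-dominating set and design a greedy algorithm combined with a reduction rule to realize it.
The thesis focuses on two structured peer-to-peer systems, Chord and CAN. Using simulation, we obtain a basis for the number of sensors and provide a reasonable logical explanation. Because both systems use one-way hash functions, and because the system topology changes continuously as network nodes join and leave in real time, the simulation results in effect provide a guideline for the number of worm-detection sensors. In other words, the number of sensors that detect a worm before it has spread k steps, as computed by the k-dominating-set greedy algorithm with the reduction rule, can serve as the standard for randomly placed sensors to detect a worm before it has spread k+1 steps.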
A computer worm is a self-replicating and self-propagating program designed to spread through the network by exploiting security holes; moreover, with its malicious behaviors, it has caused much inconvenience to computer users. We believe that detection is the first step to fight against worms. In this thesis we provide some guidance for sensor placement in worm detection.
Because of the popularity of peer-to-peer systems, it is conceivable that worms may be created to make such systems fail. The question then is: given a network with a special topology, how can one place sensors to help detect worms? To answer this question, we introduce the concept of distance-k dominating sets for sensor placement.
In this thesis we consider two types of structured peer-to-peer systems [17]: Chord [19] and CAN [16]. Since Chord and CAN use one-way hash functions for node joining and their topologies behave as random graphs, our simulation results provide guidance on the number of sensors needed for worm detection. That is, if we wish to approximate the effect of the distance-(k+1) dominating set for worm detection, the number of randomly chosen sensors needed for P2P systems should be larger than the size of the distance-k dominating set obtained from the greedy approximation algorithm with the reduction rule.
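The comparison described in the abstract can be sketched as follows; this is an added example, not the thesis's own code. It assumes a Chord-like overlay whose finger links are treated as undirected, uses constructed ring sizes and seeds, and omits the reduction rule because this page does not define it.

```python
import random
from bisect import bisect_left

def chord_graph(n, m, seed=1):
    """Constructed Chord-like overlay: n random ids on a 2**m ring, finger links made undirected."""
    ids = sorted(random.Random(seed).sample(range(2 ** m), n))
    adj = {v: set() for v in ids}
    for v in ids:
        for i in range(m):
            target = (v + 2 ** i) % 2 ** m
            succ = ids[bisect_left(ids, target) % n]  # first id >= target, wrapping the ring
            if succ != v:
                adj[v].add(succ)
                adj[succ].add(v)
    return adj

def ball(adj, src, k):
    """All nodes within k hops of src, i.e. the nodes a sensor at src covers."""
    seen, frontier = {src}, {src}
    for _ in range(k):
        frontier = {w for u in frontier for w in adj[u]} - seen
        seen |= frontier
    return seen

def greedy_dominating_set(adj, k):
    """Greedy distance-k dominating set: repeatedly pick the node covering most uncovered nodes."""
    balls = {v: ball(adj, v, k) for v in adj}
    uncovered, sensors = set(adj), []
    while uncovered:
        best = max(sorted(adj), key=lambda v: len(balls[v] & uncovered))
        sensors.append(best)
        uncovered -= balls[best]
    return sensors

def coverage(adj, sensors, k):
    """Fraction of nodes that have at least one sensor within k hops."""
    covered = set().union(*(ball(adj, s, k) for s in sensors))
    return len(covered) / len(adj)

def compare(n=256, m=16, k=1, trials=20):
    """Greedy size at distance k vs. mean coverage of equally many random sensors at k+1."""
    adj = chord_graph(n, m)
    size = len(greedy_dominating_set(adj, k))
    rng = random.Random(7)  # fixed seed so the constructed experiment is repeatable
    rand = [coverage(adj, rng.sample(sorted(adj), size), k + 1) for _ in range(trials)]
    return size, sum(rand) / trials

if __name__ == "__main__":
    size, mean_cov = compare()
    print(f"greedy distance-1 sensors: {size}, random coverage at distance 2: {mean_cov:.3f}")
```

A mean coverage below 1.0 from `compare` means that the same number of randomly placed sensors does not yet match a distance-(k+1) dominating set on this sample topology, which is the gap the abstract's sizing guideline addresses.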
[1] Gnutella, http://www.gnutella.com/.
[2] Honeypot, http://www.honeypots.net/.
[3] KaZaA, http://www.kazaa.com/.
[4] A.V. Aho, J.E. Hopcroft, J.D. Ullman. Data Structures and Algorithms. Addison-Wesley Publishing Company, 1983.
[5] V. Berk, G. Bakos. “Designing a Framework for Active Worm Detection on Global Networks,” in Proceedings of the First International Workshop on Information Assurance (IWIA’03), Darmstadt, Germany, March 2003.
[6] C.S. Chang. Performance Guarantees in Communication Networks. London: Springer-Verlag, New York, 2000.
[7] G.J. Chang and G.L. Nemhauser. “The k-domination and k-stability problem on graphs,” Tech Report 540, School of Operations Res. and Industrial Eng., Cornell Univ. (1982).
[8] Z. Chen, L. Gao, and K. Kwiat. “Modeling the Spread of Active Worms,” IEEE INFOCOM, 2003.
[9] T.H. Cormen, C.E. Leiserson, R.L. Rivest, Introduction to Algorithms. MIT Press, 2001.
[10] T.W. Haynes, S.T. Hedetniemi, P.J. Slater, Fundamentals of Domination in Graphs. MARCEL DEKKER, INC. 1998.
[11] M. Liljenstam, D.M. Nicol, V.H. Berk, R.S. Gray. “Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing,” in Proceedings of WORM’03, Washington, DC, October 2003.
[12] D. Moore. “Network Telescopes: Observing Small or Distant Security Events,” in USENIX Security, 2002.
[13] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. “Inside the Slammer Worm,” IEEE Security and Privacy, 1(4):33-39, July 2003.
[14] D. Moore, C. Shannon, G. M. Voelker, and S. Savage. “Internet Quarantine: Requirements for Containing Self-Propagating Code,” IEEE INFOCOM, 2003.
[15] A. Rowstron, R. Druschel. “Pastry: Scalable, Decentralized Object Location and Routing for Large-scale Peer-to-peer Systems,” in Proceedings of the 18th IFIP/ACM International Conference on Distributed Systems Platforms, Heidelberg, Germany, November 2001.
[16] S. Ratnasamy, P. Francis, M. Handley, R. Karp. “A Scalable Content-Addressable Network,” in Proceedings of ACM SIGCOMM 2001, San Diego, CA, August 2001.
[17] K.W. Ross and D. Rubenstein. “Tutorial on P2P Systems,” presented at INFOCOM, 2004.
[18] D. Seeley. “A tour of the worm,” in Proceedings of the Winter Usenix Conference, San Diego, CA, 1989.
[19] I. Stoica, R. Morris, D. Liben-Nowell, D. Karger, M. Kaashoek, F. Dabek, and H. Balakrishnan. “Chord: A Scalable Peer-to-Peer Lookup Protocol for Internet Applications,” IEEE/ACM Transactions on Networking, Vol. 11, No. 1, February 2003.
[20] S. Staniford, V. Paxson, N. Weaver. “How to 0wn the Internet in Your Spare Time,” in 11th Usenix Security Symposium, San Francisco, August 2002.
[21] N. Weaver, V. Paxson, S. Staniford, R. Cunningham. “A taxonomy of Computer Worms,” in Proceedings of WORM’03, Washington, DC, October 2003.
[22] B.Y. Zhao, J. Kubiatowicz, A.D. Joseph. “Tapestry: An Infrastructure for Fault-tolerant Wide-area Location and Routing,” Tech. Rep. UCB/CSD-01-1141, April 2000.
[23] C.C. Zou, W. Gong, and D. Towsley. “Code Red Worm Propagation Modeling and Analysis,” in 9th ACM Symposium on Computer and Communication Security, pages 138-147, Washington DC, 2002.
[24] C.C. Zou, L. Gao, W. Gong, D. Towsley. “Monitoring and Early Warning for Internet Worms,” in Proceedings of ACM CCS’ 2001, San Diego, CA, August 2001.