The behavior of both botnets and worms in peer-to-peer networks has been empirically examined, and models or simulations of their behavior have been attempted. The manner in which different nodes in peer-to-peer networks develop, both in and of themselves and in terms of their relationships with other nodes -- the very architecture of the network itself, in other words, which is necessarily dynamic in a peer-to-peer network -- makes it easier for these threats to spread and evolve undetected, owing to this architecture and to the patterns of information flow over such networks (Fan, 2011; Xu et al., 2011). When it comes to worms propagating in peer-to-peer networks, the activity of the worm itself has been demonstrated to be the most necessary knowledge for tracking and preventing the continued spread and damage of such a threat, while botnets generally show more "robustness" and are better impacted by shifts in the network itself, specifically by decentralizing nodes in an attempt to isolate and eliminate the botnet (Fan, 2011; Xu et al., 2011). Both of these threats are more difficult to track and eliminate when unstructured in nature and/or environment.
As the research into peer-to-peer networks shows, the less structured a network is, the more vulnerable it is to unstructured attacks, and thus ultimately to unstructured attacks as well. When networks are created on the fly or "ad hoc," they become that much more unstructured; even if they are implemented for a specific purpose, the very nature of an ad hoc network means that it is built not from an explicit plan and method of resource acquisition, but simply by growing in whatever manner it is possible to grow in order to meet the needs of the network users/architects (Yang et al., 2010). Pattern recognition becomes more difficult when the network does not have dependable data for normal usage, making threat detection incredibly difficult, especially for unstructured threats that do not necessarily attempt to adversely affect network performance or inappropriately utilize or access sensitive data (Yang et al., 2010). Given the potential for a seemingly innocuous unstructured attack to suddenly achieve real and drastic damaging effects, these threats are still important to counter, but the difficulty of detection can make this all but impossible (Yang et al., 2010). Several approaches to threat detection have been developed, of course, but the appropriate detection and reaction method is dictated both by certain network features and by features of the potential or actual threat/attack, and thus the issue remains complex and often very difficult to deal with even for experienced network security monitors (Yang et al., 2010).
One attempt to more effectively model behaviors and relationships in unstructured networks and unstructured threats or attacks has been to use some of the relationships and mechanisms defined and described in game theory as a means of predicting actions taken by network users and would-be attackers in unstructured scenarios (Manshaei et al., 2011). The authors of this particular piece of research claim to have made some headway in describing threats and attacks from this perspective, yet they themselves are not able to identify any clear solutions from their preliminary findings and instead simply suggest that further research is required in this area (Manshaei et al., 2011). In truth, it is not entirely clear that the game theory perspective will prove to be an adequate approach to the problems of unstructured threats and attacks, and indeed there are other frameworks that appear to provide more direct, coherent, and consistent results. Developing new perspectives for network architecture and alert signaling using more traditional frameworks for threat definition and prediction could prove more effective than trying to rebuild the very manner in which threats are predicted, and indeed there has been some experimental success demonstrated with specific new architectures and signaling triggers when it comes to unstructured attack detection and prevention (Colajanni et al., 2010). Practical efforts built on existing theory, even when those theories are based on the limited knowledge available to researchers in the area and to real-world network security monitors, appear to be more effective than changes in underlying theory and modeling (Colajanni et al., 2010; Manshaei et al., 2011).
As the current research shows, being able to define, predict, and respond to unstructured threats is still a very significant problem in network security monitoring, and one that is in need of further research before it can be considered adequately addressed and properly understood. There are both general and specific problems when it comes to unstructured threats and attacks on a network, from the lack of direct harm that many unstructured attacks might have, at least initially, to the psychological rather than mathematical/rational factors that drive unstructured attacks and the attackers behind them. The research has definitively laid out many of these problems, and in fact it is in this area that current knowledge can be considered the most complete -- the problems themselves are relatively specific and well-defined, meaning that there are clear and concise questions that can be posed as to how to best prevent, detect, and respond to unstructured threats and attacks. Where the research is lacking, unfortunately, is in providing concrete and concise answers to these questions, and providing some semblance of a structured framework for dealing with unstructured threats. The problem here is self-evident, yet this is still the trajectory that research should follow.
There are many questions left unanswered and many potential answers that have yet to be sufficiently explored. Peer-to-peer networks and other semi-structured and largely unstructured networks obviously present a major problem to network security and thus to network security monitors, providing an attractive target to many would-be unstructured attackers and allowing unstructured threats and attacks to propagate more easily and remain more hidden than in other networks. Knowledge of the actual damage that can be caused here and of the means of effectively addressing peer-to-peer network threats is relatively minimal despite the level of detail existent in certain studies, and the vast majority of the research in this area appears to be built on modeling and simulation, without any real-world observational evidence to validate the claims being made. Security efforts need to be built on real-world practical experience, and while the advancement of theory is undoubtedly key in helping to achieve continued advancement in practical knowledge, there appears to be an over-emphasis on the theoretical in many pieces of research, and a lack of direct connection to practical concerns and constraints. Unstructured attacks are generally well understood in theory, and while new theories might help to better explain these attacks and their motivations, mechanisms, and effects, right now the dearth of practical knowledge is more substantial and more pressing. Only when these practical efforts have been refined and shown to be lacking should new theoretical explanations be the focus of research, and a shift in this direction would be advantageous to the research community as well as to practitioners of network security monitoring and all organizations and individuals served by enhanced network security capabilities.
There are many threats facing modern networks, whether they are fully structured and purposefully constructed networks contained within a single organization, large peer-to-peer networks with a variety of node types and relationships, or ad-hoc networks constructed one day and gone the next. Unstructured attacks can and do affect all of these network types, and though they begin less maliciously than do structured threats and attacks their consequences can still be quite significant. Further research is necessary to fully and adequately provide an understanding of best practices when it comes to confronting unstructured threats and attacks, but an awareness of these threats and their potential is a solid beginning to their effective containment.
Ahmad, N. & Habib, M. (2010). Analysis of Network Security Threats and Vulnerabilities by Development & Implementation of a Security Network Monitoring Solution. Blekinge Institute of Technology (thesis).
Barth, W. (2008). Nagios: System and Network Monitoring. San Francisco: Open Source Press.
Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond Intrusion Detection. New York: Pearson.
Cao, J. & Liu, Z. (2012). A Distributed Trust Model in Unstructured P2P Networks. Recent Advances in Computer Science and Information Engineering 126: 635-41.
Colajanni, M., Marchetti, M. & Messori, M. (2010). Selective and early threat detection in large networked systems. 10th IEEE International Conference on Computer and Information Technology 604-11.
Fan, X. (2011). Modeling and Simulating the Propagation of Unstructured Peer-to-Peer Worms. Seventh International Conference on Computational Intelligence and Security.
Manshaei, M., Zhu, Q., Alpcan, T., Basar, T. & Hubaux, J. (2011). Game Theory Meets Network Security and Privacy. ACM Computing Surveys.
Stiawan, D., Idris, M., Yazid, A. & Hanan, A. (2011). Research on Heterogeneous Data for Recognizing Threat. International Conference on Software & Data Technologies.