中文摘要：

作为当前十分流行的P2P文件共享网络，Kad网络容易受到来自索引节点层面的攻击。索引节点负责存储资源索引，并响应其他节点的搜索请求，其行为正确性会对P2P网络服务质量产生直接的影响。文中基于Anthill 测量系统，从IMDb，iTunes和Amazon网站中选取热门资源作为测量目标，在真实Kad网络中系统地测量和分析了资源共享过程中各类节点的行为；通过与标准Kad协议进行对比，对节点行为的正确性进行全面验证，从而获取恶意节点的行为特征。结果显示，目前Kad网络中存在两类恶意索引节点：选择性拒绝服务节点和无意义应答节点。这两类节点广泛存在于Kad网络中，总数高达数十万，并且其攻击行为具有相当的隐蔽性，严重干扰了正常文件搜索和下载过程。文中对两类节点的行为特征进行了深入分析，并在此基础上，提出了针对性较强、易于部署的防御方法。

英文摘要：

As one of the most popular P2P file sharing networks,Kad is vulnerable to attacksfrom index nodes.Index nodes take charge of storing resource indexes and providing responses tosearch requests.The correctness of their behavior would have direct impacts on the quality ofservice provided by P2P networks.Based on the measurement system Anthill,this paper selectedpopular resources from IMDb,iTunes and Amazon websites as targets,and systematically meas-ured and analyzed the behaviors of Kad nodes during the process of file sharing.By comparingwith the standard Kad protocol,we checked whether the behavior of some node is correct or not,and got the behavior characteristics of malicious nodes.The results show there are two kinds ofmalicious index nodes in the current Kad network：selective denial of service nodes and meaning-less response nodes,respectively.These nodes exist widely in Kad,with a population ofhundreds of thousands,and the attack behaviors have good invisibility.Therefore they seriouslydisrupt the normal processes of file searching and downloading.In this paper,we highlighted theanalysis of behavior characteristics of malicious nodes.Based on the analysis results,we proposedsome targeted and highly deployable defense methods.