Skip to main content
SpringerLink
Log in

Unwanted Traffic Identification in Large-Scale University Networks: A Case Study

  • Chapter
  • First Online:
Big Data Analytics

  • 5010 Accesses

Abstract

To mitigate the malicious impact of P2P traffic on University networks, in this article the authors have proposed the design of payload-oblivious privacy-preserving P2P traffic detectors. The proposed detectors do not rely on payload signatures, and hence, are resilient to P2P client and protocol changes—a phenomenon which is now becoming increasingly frequent with newer, more popular P2P clients/protocols. The article also discusses newer designs to accurately distinguish P2P botnets from benign P2P applications. The datasets gathered from the testbed and other sources range from Gigabytes to Terabytes containing both unstructured and structured data assimilated through running of various applications within the University network. The approaches proposed in this article describe novel ways to handle large amounts of data that is collected at unprecedented scale in authors’ University network.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 139.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 139.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ahn YY, Bagrow JP, Lehmann S (2010) Link communities reveal multiscale complexity in networks. Nature 466(7307):761–764

    Article  Google Scholar 

  2. Berket K, Essiari A, Muratas A (2004) Pki-based security for peer-to-peer information sharing. In: Fourth international conference on peer-to-peer computing, 2004. Proceedings. IEEE, pp 45–52

    Google Scholar 

  3. Blondel VD, Guillaume JL, Lambiotte R, Lefebvre E (2008) Fast unfolding of communities in large networks. J Stat Mech: Theory Exp (10):P10,008

    Google Scholar 

  4. Borisov N (2006) Computational puzzles as sybil defenses. In: Sixth IEEE international conference on peer-to-peer computing, 2006. P2P 2006. IEEE, pp 171–176

    Google Scholar 

  5. Castro M, Druschel P, Ganesh A, Rowstron A, Wallach DS (2002) Secure routing for structured peer-to-peer overlay networks. ACM SIGOPS Oper Syst Rev 36(SI):299–314

    Google Scholar 

  6. Condie T, Kacholia V, Sank S, Hellerstein JM, Maniatis P (2006) Induced churn as shelter from routing-table poisoning. In: NDSS

    Google Scholar 

  7. Dash M, Liu H (2003) Consistency-based search in feature selection. Artif Intell 151(1):155–176

    Article  MathSciNet  MATH  Google Scholar 

  8. Daswani N, Garcia-Molina H (2002) Query-flood dos attacks in gnutella. In: Proceedings of the 9th ACM conference on computer and communications security., CCS ’02ACM, New York, NY, USA, pp 181–192

    Google Scholar 

  9. Day DJ, Burns BM (2011) A performance analysis of snort and suricata network intrusion detection and prevention engines. In: The Fifth international conference on digital society

    Google Scholar 

  10. Dhungel P, Hei X, Ross KW, Saxena N (2007) The pollution attack in p2p live video streaming: measurement results and defenses. In: Proceedings of the 2007 workshop on peer-to-peer streaming and IP-TV. ACM, pp 323–328

    Google Scholar 

  11. Douceur JR (2002) The sybil attack. In: Peer-to-peer systems. Springer, pp 251–260

    Google Scholar 

  12. Falliere N (2011) Sality: story of a peer-to-peer viral network. Symantec Corporation, Rapport technique

    Google Scholar 

  13. Feldman M, Papadimitriou C, Chuang J, Stoica I (2006) Free-riding and whitewashing in peer-to-peer systems. IEEE J Sel Areas Commun 24(5):1010–1019

    Article  Google Scholar 

  14. François J, Wang S, State R, Engel T (2011) Bottrack: tracking botnets using netflow and pagerank. In: Proceedings of the 10th International IFIP TC 6 conference on networking—volume Part I, NETWORKING ’11. Springer, Berlin, pp 1–14

    Google Scholar 

  15. GarcĂ­a S, Grill M, Stiborek J, Zunino A (2014) An empirical comparison of botnet detection methods. Comput Secur

    Google Scholar 

  16. Hall MA (1999) Correlation-based feature selection for machine learning. PhD thesis, The University of Waikato

    Google Scholar 

  17. Hang H, Wei X, Faloutsos M, Eliassi-Rad T (2013) Entelecheia: detecting p2p botnets in their waiting stage. In: IFIP networking conference, 2013. IEEE, USA, pp 1–9

    Google Scholar 

  18. Haribabu K, Arora D, Kothari B, Hota C (2010) Detecting sybils in peer-to-peer overlays using neural networks and captchas. In: 2010 International conference on computational intelligence and communication networks (CICN). IEEE, pp 154–161

    Google Scholar 

  19. Haribabu K, Hota C, Paul A (2012) Gaur: a method to detect sybil groups in peer-to-peer overlays. Int J Grid Util Comput 3(2):145–156

    Article  Google Scholar 

  20. Jolliffe I (2005) Principal component analysis. Wiley Online Library

    Google Scholar 

  21. Karagiannis T, Broido A, Faloutsos M et al (2004) Transport layer identification of p2p traffic. In: Proceedings of the 4th ACM SIGCOMM conference on internet measurement. ACM, pp 121–134

    Google Scholar 

  22. Karagiannis T, Papagiannaki K, Faloutsos M (2005) Blinc: multilevel traffic classification in the dark. ACM SIGCOMM Comput Commun Rev 35:229–240 (ACM)

    Google Scholar 

  23. Li J, Zhang S, Lu Y, Yan J (2008) Real-time p2p traffic identification. In: Global telecommunications conference, 2008., IEEE GLOBECOM 2008. IEEE, USA, pp 1–5

    Google Scholar 

  24. Liang J, Kumar R, Xi Y, Ross KW (2005) Pollution in p2p file sharing systems. In: INFOCOM 2005. 24th Annual joint conference of the IEEE computer and communications societies. Proceedings IEEE, vol 2. IEEE, pp 1174–1185

    Google Scholar 

  25. Liang J, Naoumov N, Ross KW (2006) The index poisoning attack in p2p file sharing systems. In: INFOCOM. Citeseer, pp 1–12

    Google Scholar 

  26. Livadas C, Walsh R, Lapsley D, Strayer WT (2006) Using machine learning techniques to identify botnet traffic. In: 31st IEEE conference on local computer networks, proceedings 2006. IEEE, pp 967–974

    Google Scholar 

  27. Locher T, Mysicka D, Schmid S, Wattenhofer R (2010) Poisoning the kad network. In: Distributed computing and networking. Springer, pp 195–206

    Google Scholar 

  28. Masud MM, Gao J, Khan L, Han J, Thuraisingham B (2008) Mining concept-drifting data stream to detect peer to peer botnet traffic. University of Texas at Dallas Technical Report# UTDCS-05- 08

    Google Scholar 

  29. Mehra P (2012) A brief study and comparison of snort and bro open source network intrusion detection systems. Int J Adv Res Comput Commun Eng 1(6):383–386

    Google Scholar 

  30. Nagaraja S (2014) Botyacc: unified p2p botnet detection using behavioural analysis and graph analysis. In: Computer security-ESORICS 2014. Springer, pp 439–456

    Google Scholar 

  31. Narang P, Hota C, Venkatakrishnan V (2014) Peershark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification. EURASIP J Inf Secur 2014(1):1–12

    Article  Google Scholar 

  32. Narang P, Khurana V, Hota C (2014) Machine-learning approaches for p2p botnet detection using signal-processing techniques. In: Proceedings of the 8th ACM international conference on distributed event-based systems. ACM, pp 338–341

    Google Scholar 

  33. Narang P, Ray S, Hota C, Venkatakrishnan V (2014) Peershark: detecting peer-to-peer botnets by tracking conversations. In: Security and privacy workshops (SPW), 2014. IEEE, pp 108–115

    Google Scholar 

  34. Narang P, Reddy JM, Hota C (2013) Feature selection for detection of peer-to-peer botnet traffic. In: Proceedings of the 6th ACM India computing convention, pp 16:1–16:9

    Google Scholar 

  35. Puttaswamy KP, Zheng H, Zhao BY (2009) Securing structured overlays against identity attacks. IEEE Trans Parallel Distrib Syst 20(10):1487–1498

    Article  Google Scholar 

  36. Rahbarinia B, Perdisci R, Lanzi A, Li K (2013) Peerrush: mining for unwanted p2p traffic. Detection of intrusions and malware, and vulnerability assessment. Springer, Berlin, pp 62–82

    Google Scholar 

  37. Ratnasamy S, Francis P, Handley M, Karp R, Shenker S (2001) A scalable content-addressable network, vol 31. ACM

    Google Scholar 

  38. Reddy JM, Hota C (2013) P2p traffic classification using ensemble learning. In: Proceedings of the 5th IBM collaborative academia research exchange workshop. ACM, p 14

    Google Scholar 

  39. Roesch M et al (1999) Snort: lightweight intrusion detection for networks. LISA 99:229–238

    Google Scholar 

  40. Rowstron A, Druschel P (2001) Pastry: scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In: Middleware 2001. Springer, pp 329–350

    Google Scholar 

  41. Ruehrup S, Urbano P, Berger A, D’Alconzo A (2013) Botnet detection revisited: Theory and practice of finding malicious p2p networks via internet connection graphs. In: 2013 IEEE conference on computer communications workshops (INFOCOM WKSHPS). IEEE, pp 435–440

    Google Scholar 

  42. Schoof R, Koning R (2007) Detecting peer-to-peer botnets. University of Amsterdam. Technical report

    Google Scholar 

  43. Sen S, Spatscheck O, Wang D (2004) Accurate, scalable in-network identification of p2p traffic using application signatures. In: Proceedings of the 13th international conference on World Wide Web. ACM, pp 512–521

    Google Scholar 

  44. Singh A et al (2006) Eclipse attacks on overlay networks: threats and defenses. In: IEEE INFOCOM, Citeseer

    Google Scholar 

  45. Steiner M, En-Najjary T, Biersack EW (2007) Exploiting kad: possible uses and misuses. ACM SIGCOMM Comput Commun Rev 37(5):65–70

    Article  Google Scholar 

  46. Stover S, Dittrich D, Hernandez J, Dietrich S (2007) Analysis of the storm and nugache trojans: P2p is here. USENIX 32(6):18–27

    Google Scholar 

  47. Tegeler F, Fu X, Vigna G, Kruegel C (2012) Botfinder: finding bots in network traffic without deep packet inspection. In: Proceedings of the 8th international conference on emerging networking experiments and technologies. ACM, pp 349–360

    Google Scholar 

  48. Trifa Z, Khemakhem M (2012) Taxonomy of structured p2p overlay networks security attacks. World Acad Sci, Eng Technol 6(4):460–466

    Google Scholar 

  49. Yu H, Kaminsky M, Gibbons PB, Flaxman A (2006) Sybilguard: defending against sybil attacks via social networks. ACM SIGCOMM Comput Commun Rev 36(4):267–278

    Article  Google Scholar 

  50. Yue X, Qiu X, Ji Y, Zhang C (2009) P2p attack taxonomy and relationship analysis. In: 11th International conference on advanced communication technology, 2009. ICACT 2009, vol 2. IEEE, pp 1207–1210

    Google Scholar 

  51. Zhang R, Zhang J, Chen Y, Qin N, Liu B, Zhang Y (2011) Making eclipse attacks computationally infeasible in large-scale dhts. In: 2011 IEEE 30th International performance computing and communications conference (IPCCC). IEEE, pp 1–8

    Google Scholar 

Download references

Acknowledgments

This work was supported by Grant number 12(13)/2012-ESD for scientific research under Cyber Security area from the Department of Information Technology, Govt. of India, New Delhi, India.

Author information

Authors and Affiliations

  1. BITS-Pilani Hyderabad Campus, Hyderabad, India

    Chittaranjan Hota, Pratik Narang & Jagan Mohan Reddy

Authors
  1. Chittaranjan Hota
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pratik Narang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jagan Mohan Reddy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chittaranjan Hota .

Editor information

Editors and Affiliations

  1. Indian Institute of Public Health , Hyderabad, India

    Saumyadipta Pyne

  2. CRRao AIMSCS, University of Hyderabad Campus CRRao AIMSCS, Hyderabad, India

    B.L.S. Prakasa Rao

  3. CRRao AIMSCS, University of Hyderabad Campus CRRao AIMSCS, Hyderabad, India

    S.B. Rao

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer India

About this chapter

Cite this chapter

Hota, C., Narang, P., Reddy, J.M. (2016). Unwanted Traffic Identification in Large-Scale University Networks: A Case Study. In: Pyne, S., Rao, B., Rao, S. (eds) Big Data Analytics. Springer, New Delhi. https://doi.org/10.1007/978-81-322-3628-3_9

Download citation

Publish with us

Policies and ethics

Search

Navigation