Peer-to-Peer Networking and Applications

, Volume 6, Issue 2, pp 155–174 | Cite as

Detection and mitigation of localized attacks in a widely deployed P2P network

  • Thibault CholezEmail author
  • Isabelle Chrisment
  • Olivier Festor
  • Guillaume Doyen


Several large scale P2P networks operating on the Internet are based on a Distributed Hash Table. These networks offer valuable services, but they all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, distributed denial of service, pollution, etc.). While several attacks and attack scenarios have been documented, few studies have measured the actual deployment of such attacks and none of the documented countermeasures have been tested for compatibility with an already deployed network. In this article, we focus on the KAD network. Based on large scale monitoring campaigns, we show that the world-wide deployed KAD network suffers large number of suspicious insertions around shared contents and we quantify them. To cope with these peers, we propose a new efficient protection algorithm based on analyzing the distribution of the peers’ ID found around an entry after a DHT lookup. We evaluate our solution and show that it detects the most efficient configurations of inserted peers with a very small false-negative rate, and that the countermeasures successfully filter almost all the suspicious peers. We demonstrate the direct applicability of our approach by implementing and testing our solution in real P2P networks.


P2P networks Distributed hash table KAD Monitoring Security Sybil attack Attack detection Defense 


  1. 1.
    Cholez T, Chrisment I, Festor O (2009) Evaluation of sybil attacks protection schemes in KAD. In: 3rd international conference on Autonomous Infrastructure, Management and Security—AIMS 2009 Scalability of networks and services. Lecture notes in computer science, vol 5637. Enschede Pays-Bas. University of Twente, Springer, pp 70–82Google Scholar
  2. 2.
    Cholez T, Chrisment I, Festor O (2010) Efficient DHT attack mitigation through peers’ ID distribution. In: Seventh international workshop on hot topics in peer-to-peer systems—HotP2P 2010, Atlanta USA. IEEE International Parallel & Distributed Processing SymposiumGoogle Scholar
  3. 3.
    Cholez T, Chrisment I, Festor O (2010) Monitoring and controlling content access in KAD. In: International Conference on Communications—ICC 2010. IEEE, Capetown South AfricaGoogle Scholar
  4. 4.
    Dinger J, Hartenstein H (2006) Defending the sybil attack in P2P networks: taxonomy, challenges, and a proposal for self-registration. In: First international conference on Availability, Reliability and Security (ARES 2006), pp 756–763Google Scholar
  5. 5.
    Danezis G, Lesniewski-Laas C, Kaashoek MF, Anderson RJ (2005) Sybil-resistant dht routing. In: De Capitani di Vimercati S, Syverson PF, Gollmann D (eds) ESORICS. Lecture notes in computer science, vol 3679. Springer, pp 305–318Google Scholar
  6. 6.
    Douceur JR (2002) The sybil attack. In: IPTPS ’01: revised papers from the first international workshop on peer-to-peer systems. Springer-Verlag, London, UK, pp 251–260Google Scholar
  7. 7.
    Kohnen M, Leske M, Rathgeb EP (2009) Conducting and optimizing eclipse attacks in the KAD peer-to-peer network. In: NETWORKING ’09: proceedings of the 8th international IFIP-TC 6 networking conference. Springer-Verlag, Berlin, Heidelberg, pp 104–116Google Scholar
  8. 8.
    Le Blond S, Legout A, Le Fessant F, Dabbous W, Kaafar MA (2010) Spying the world from your laptop—identifying and profiling content providers and big downloaders in bittorrent. In: 3rd USENIX workshop on Large-Scale Exploits and Emergent Threats (LEET’10). Usenix, San Jose, CA, USAGoogle Scholar
  9. 9.
    Locher T, Mysicka D, Schmid S, Wattenhofer R (2010) Poisoning the kad network In: 11th International Conference on Distributed Computing and Networking (ICDCN), Kolkata, IndiaGoogle Scholar
  10. 10.
    Lesueur F, Mé L, Tong VVT (2008) A sybil-resistant admission control coupling SybilGuard with distributed certification. In: Proceedings of the 4th international workshop on Collaborative Peer-to-Peer Systems (COPS). IEEE Computer Society, Rome, ItalyGoogle Scholar
  11. 11.
    Liang J, Naoumov N, Ross KW (2006) The index poisoning attack in p2p file sharing systems. In: INFOCOM. IEEE Computer Society, IEEEGoogle Scholar
  12. 12.
    Maymounkov P, Mazières D (2002) Kademlia: a peer-to-peer information system based on the XOR metric. In: IPTPS ’01: revised papers from the first international workshop on peer-to-peer systems. Springer-Verlag, London, UK, pp 53–65Google Scholar
  13. 13.
    Memon G, Rejaie R, Guo Y, Stutzbach D (2009) Large-scale monitoring of DHT traffic. In: International Workshop on Peer-to-Peer Systems (IPTPS), Boston, MAGoogle Scholar
  14. 14.
    Naoumov N, Ross K (2006) Exploiting p2p systems for ddos attacks. In: InfoScale ’06: proceedings of the 1st international conference on scalable information systems. 2006. ACM, New York, NY, USA, p 47CrossRefGoogle Scholar
  15. 15.
    Piatek M, Kohno T, Krishnamurthy A (2008) Challenges and directions for monitoring p2p file sharing networks—or—why my printer received a dmca takedown notice. In:HotSec. USENIX AssociationGoogle Scholar
  16. 16.
    Potharaju R, Seibert J, Fahmy S, Nita-Rotaru C (2011) Omnify: investigating the visibility and effectiveness of copyright monitors. In: Proceedings of the 12th international conference on passive and active measurement, PAM’11. Springer-Verlag, Berlin, Heidelberg, pp 122–132Google Scholar
  17. 17.
    Rowaihy H, Enck W, McDaniel P, Porta TL (2007) Limiting sybil attacks in structured p2p networks. In: INFOCOM. IEEE Computer Society, IEEE, pp 2596–2600Google Scholar
  18. 18.
    Singh A, Castro M, Druschel P, Rowstron A (2004) Defending against eclipse attacks on overlay networks. In: EW 11: proceedings of the 11th workshop on ACM SIGOPS European workshop. ACM, New York, NY, USA, p 21CrossRefGoogle Scholar
  19. 19.
    Steiner M, En-Najjary T, Biersack EW (2007) Exploiting kad: possible uses and misuses. SIGCOMM Comput Commun Rev 37(5):65–70CrossRefGoogle Scholar
  20. 20.
    Steiner M, En-Najjary T, Biersack EW (2007) A global view of kad. In: IMC 2007, ACM SIGCOMM internet measurement conference, 23–26 Oct 2007, San Diego, USAGoogle Scholar
  21. 21.
    Siganos G, Pujol JM, Rodriguez P (2009) Monitoring the bittorrent monitors: a bird’s eye view. In: Proceedings of the 10th international conference on passive and active network measurement, PAM ’09. Springer-Verlag, Berlin, Heidelberg, pp 175–184CrossRefGoogle Scholar
  22. 22.
    Sokal RR, Rohlf FJ (1994) Biometry: the principles and practice of statistics in biological research (3rd edn). Freeman, New YorkGoogle Scholar
  23. 23.
    Timpanaro JP, Cholez T, Chrisment I, Festor I (2011) When kad meets bittorrent—building a stronger p2p network. In: Eighth international workshop on hot topics in peer-to-peer systems—HotP2P 2011, Anchorage, USA. IEEE International parallel & distributed processing symposiumGoogle Scholar
  24. 24.
    Wang P, Tyra J, Chan-Tin E, Malchow T, Kune DF, Hopper N, Kim Y (2008) Attacking the kad network. In: SecureComm ’08: Proceedings of the 4th international conference on Security and privacy in communication netowrks. ACM, New York, NY, USA, pp 1–10CrossRefGoogle Scholar
  25. 25.
    Yu J, Fang C, Xu J, Chang EC, Li Z (2009) Id repetition in KAD. In: Schulzrinne H, Aberer K, Datta A (eds) Peer-to-peer computing. IEEE, pp 111–120Google Scholar
  26. 26.
    Yu H, Kaminsky M, Gibbons PB, Flaxman A (2006) Sybilguard: defending against sybil attacks via social networks. In: SIGCOMM ’06: proceedings of the 2006 conference on applications, technologies, architectures, and protocols for computer communications. ACM, New York, NY, USA, pp 267–278CrossRefGoogle Scholar

Copyright information

© Springer Science + Business Media, LLC 2012

Authors and Affiliations

  • Thibault Cholez
    • 1
    Email author
  • Isabelle Chrisment
    • 2
  • Olivier Festor
    • 2
  • Guillaume Doyen
    • 1
  1. 1.Université de Technologie de TroyesTroyesFrance
  2. 2.LORIA, INRIA Nancy-Grand EstVandoeuvre-les-NancyFrance

Personalised recommendations