Peer-to-Peer Networking and Applications

, Volume 9, Issue 3, pp 498–507 | Cite as

A security monitoring method for malicious P2P event detection

  • Hyun Mi Jung
  • Il-Sun Hwang
  • Jeong-Kyung Moon
  • Hark- Soo ParkEmail author


Recently malicious code is spreading rapidly due to the use of P2P(peer to peer) file sharing. The malicious code distributed mostly transformed the infected PC as a botnet for various attacks by attackers. This can take important information from the computer and cause a large-scale DDos attack. Therefore it is extremely important to detect and block the malicious code in early stage. However a centralized security monitoring system widely used today cannot detect a sharing file on a P2P network. In this paper, to compensate the defect, P2P file sharing events are obtained and the behavior is analyzed. Based on the analysis a malicious file detecting system is proposed and synchronized with a security monitoring system on a virtual machine. In application result, it has been detected such as botnet malware using P2P. It is improved by 12 % performance than existing security monitoring system. The proposed system can detect suspicious P2P sharing files that were not possible by an existing system. The characteristics can be applied for security monitoring to block and respond to the distribution of malicious code through P2P.


Security monitoring system Virtual machine Malicious sharing file Behavior analysis P2P 



This research was supported by Building Security Service of Advanced KREONET Based funded by Korea Institute of Science and Technology Information.


  1. 1.
    Lee H-G (2012) “An effective security monitoring system based on correlation analysis of multiple security events,” Doctorate thesis, Dept. of Information Security Engineering, Chonbuk national UniversityGoogle Scholar
  2. 2.
    Buford (2008) “P2P Networking and Applications,” ElsevierGoogle Scholar
  3. 3.
    Tech Report (2014) “BitTorrent Analysis,” AhnLabGoogle Scholar
  4. 4.
    Bickson D, Reinman T, Dolev D, Pinkas B (2010) Peer-to-peer secure multi-party numerical computation facing malicious adversaries. Peer-to-Peer Netw Appl 3(2):129–144CrossRefGoogle Scholar
  5. 5.
    Selvaraj C, Anand S (2012) Peer profile based trust model for P2P systems using genetic algorithm. Peer-to-Peer Netw Appl 5(1):92–103CrossRefGoogle Scholar
  6. 6.
    Sen S, Wang J (2004) Analyzing peer-to-peer traffic across large networks. IEEE/ACM Trans Netw 12(2):219–232CrossRefGoogle Scholar
  7. 7.
    Seon Dong Heo (2011) “HTTP-based Bot detection based on traffic analysis,” Master’s Thesis, Dept. of Computer Science, KAISTGoogle Scholar
  8. 8.
    Lin S-C, Chen PS, Chang C-C (2014) A novel method of mining network flow to detect P2P botnets. Peer-to-Peer Netw Appl 7(4):645–654CrossRefGoogle Scholar
  9. 9.
    Bonghan K (2009) The structure of a P2P application for file sharing and the security threat. Korea Contents Assoc 7(1):20–27Google Scholar
  10. 10.
    Karagiannis T, Broido A, Faloutsos M, Kc claffy (2004) “Transport layer identification of P2P traffic,” IMC ‘04 Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp 121–134.Google Scholar
  11. 11.
    Tech Report (2014) “Science and technology cyber threats report,” Science and Technology Security CenterGoogle Scholar
  12. 12.
    Spitzner L (2002) Honeypots, “Tracking Hackers,”. Addison-Wesley Longman Publishing Co., Inc, BostonGoogle Scholar
  13. 13.
    Bächer P, Holz T, Kötter M, Wicherski G (2005) “Know your enemy: tracking botnets,” The honeynet project and research allianceGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Hyun Mi Jung
    • 1
  • Il-Sun Hwang
    • 1
  • Jeong-Kyung Moon
    • 2
  • Hark- Soo Park
    • 1
    Email author
  1. 1.Department of Advanced KREONET Security ServiceKorea Institute of Science and Technology InformationDaejeonKorea
  2. 2.Division of IT EducationSunmoon UniversityAsan-siKorea

Personalised recommendations