Methodology for Detection and Restraint of P2P Applications in the Network

  • Rodrigo M. P. Silva
  • Ronaldo M. Salles
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7336)

Abstract

P2P networks are consuming more and more Internet resources; it is estimated that approximately 70% of all traffic carried on the Internet is composed of packets from these networks. Moreover, they still represent the main infection vector for various types of malware and can be used as a command and control channel for P2P botnets, besides being notorious for their use in distributing a range of pirated files (movies, music, games, ...). In this paper we present some typical characteristics of P2P networks and propose a new architecture based on filters to detect hosts running P2P applications. We also provide a methodology for preventing the communication of those hosts in order to avoid undesirable impacts on the operation of the network as a whole.

Keywords

Port Number, Source Port, Botnet Detection, External Port, Network Management Action

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Rodrigo M. P. Silva (1)
  • Ronaldo M. Salles (1)

  1. Military Institute of Engineering, Rio de Janeiro, Brazil
