While peer-to-peer (P2P) systems have grown in popularity in recent years, their large scale and complexity make them difficult to reason about. In this paper, we argue that systematic analysis of traffic characteristics of P2P systems can reveal a wealth of information about their behavior, and highlight potential undesirable activities that such systems may exhibit. As a first step to this end, we present an offline and semi-automated approach to detect undesirable behavior. Our analysis is applied on real traffic traces collected from a Point-of-Presence (PoP) of a nationwide ISP in which over 70% of the total traffic is due to eMule [19], a popular P2P file-sharing system. Flow-level measurements are aggregated into "samples" referring to the activity of each host during a time interval. We then employ a clustering technique to automatically and coarsely identify similar behavior across samples, and extensively use domain knowledge to interpret and analyze the resulting clusters. Our analysis shows several examples of undesirable behavior including evidence of DDoS attacks exploiting live P2P clients, significant amounts of unwanted traffic that may harm network performance, and instances where the performance of participating peers may be subverted due to maliciously deployed servers. Identification of such patterns can benefit network operators, P2P system developers, and actual end-users.