Identifying the use of data/voice/video-based P2P traffic by DNS-query behavior

Authors:
Hung-Shen Wu;Nen-Fu Huang;Guan-Hao Lin
Affiliations:
Institute of Communications Engineering, National Tsing Hua University, Taiwan;Institute of Communications Engineering, National Tsing Hua University, Taiwan and Department of Computer Science, National Tsing Hua University, Taiwan;Department of Computer Science, National Tsing Hua University, Taiwan
Venue:
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Year:
2009

Citing 12
Cited 3

Analyzing peer-to-peer traffic across large networks

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Measurement, modeling, and analysis of a peer-to-peer file-sharing workload

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
An analysis of Internet chat systems

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Accurate, scalable in-network identification of p2p traffic using application signatures

Proceedings of the 13th international conference on World Wide Web
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
An analysis of internet content delivery systems

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Internet traffic classification using bayesian analysis techniques

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Profiling internet backbone traffic: behavior models and applications

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ACAS: automated construction of application signatures

Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Dynamic application-layer protocol analysis for network intrusion detection

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Toward the accurate identification of network applications

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement

Traffic causality graphs: profiling network applications through temporal and spatial causality of flows

Proceedings of the 23rd International Teletraffic Congress
An overview of VoIP and P2P copyright and lawful-interception issues in the United States and Taiwan

Digital Investigation: The International Journal of Digital Forensics & Incident Response
PeerRush: mining for unwanted p2p traffic

DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Quantified Score

Hi-index	0.00

Visualization

Abstract

There are more and more P2P applications in the Internet, with or without encrypted content. The P2P applications can be classified into three categories: file sharing (BT, eMule), VoIP (Skype, MSN), and Video streaming (PPStream, PPLive). By observing the common communication nature among the peers, this paper proposes a simple but efficient way to identify the P2P traffic by the DNS query behavior. Experimental results illustrate that the proposed mechanism is able to accurately identify if a host is using data/voice/video-based P2P traffic, even the packet content is encrypted. The proposed mechanism is also capable of detecting future unknown P2P applications as long as they perform the common P2P behaviors.