Identifying skype nodes in the network exploiting mutual contacts

Authors:
Jan Jusko;Martin Rehak
Affiliations:
Faculty of Electrical Engineering, Czech Technical University, Prague, Czech Republic and Cognitive-Security s.r.o., Prague, Czech Republic;Faculty of Electrical Engineering, Czech Technical University, Prague, Czech Republic and Cognitive-Security s.r.o., Prague, Czech Republic
Venue:
TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
Year:
2012

Citing 3
Cited 0

Revealing skype traffic: when randomness plays with you

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
What is the impact of p2p traffic on anomaly detection?

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts

Proceedings of the 26th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present an algorithm that is able to progressively discover nodes of a Skype overlay P2P network. Most notably, super nodes in the network core. Starting from a single, known Skype node, we can easily identify other Skype nodes in the network, through the analysis of widely available and standardized IPFIX (NetFlow) data. Instead of relying on the analysis of content characteristics or packet properties of the flow itself, we monitor connections of known Skype nodes in the network and then progressively discover the other nodes through the analysis of their mutual contacts.