Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Transport layer identification of P2P traffic
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A Longitudinal Study of P2P Traffic Classification
MASCOTS '06 Proceedings of the 14th IEEE International Symposium on Modeling, Analysis, and Simulation
Understanding churn in peer-to-peer networks
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
SS'08 Proceedings of the 17th conference on Security symposium
Profiling and identification of P2P traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
P2P Networking and Applications
P2P Networking and Applications
Identifying the use of data/voice/video-based P2P traffic by DNS-query behavior
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Are Your Hosts Trading or Plotting? Telling P2P File-Sharing and Bots Apart
ICDCS '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
What is the impact of p2p traffic on anomaly detection?
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts
Proceedings of the 26th Annual Computer Security Applications Conference
BotGrep: finding P2P bots with structured graph analysis
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Detecting stealthy P2P botnets using statistical traffic fingerprints
DSN '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems&Networks
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
Feature selection for detection of peer-to-peer botnet traffic
Proceedings of the 6th ACM India Computing Convention
P2P traffic classification using ensemble learning
Proceedings of the 5th IBM Collaborative Academia Research Exchange Workshop
Hi-index | 0.00 |
In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, PeerRush goes beyond P2P traffic detection, and can accurately categorize the detected P2P traffic and attribute it to specific P2P applications, including malicious applications such as P2P botnets. PeerRush achieves these results without the need of deep packet inspection, and can accurately identify applications that use encrypted P2P traffic. We implemented a prototype version of PeerRush and performed an extensive evaluation of the system over a variety of P2P traffic datasets. Our results show that we can detect all the considered types of P2P traffic with up to 99.5% true positives and 0.1% false positives. Furthermore, PeerRush can attribute the P2P traffic to a specific P2P application with a misclassification rate of 0.68% or less.