Bandwidth impacts of localizing peer-to-peer IP video traffic in access and aggregation networks
EURASIP Journal on Wireless Communications and Networking
kP2PADM: An In-Kernel Architecture of P2P Management Gateway
IEICE - Transactions on Information and Systems
Context Aware Programmable Trackers for the Next Generation Internet
EUNICE '09 Proceedings of the 15th Open European Summer School and IFIP TC6.6 Workshop on The Internet of the Future
Proposion and analysis of a TCP feature of P2P traffic
PAKDD'07 Proceedings of the 11th Pacific-Asia conference on Advances in knowledge discovery and data mining
BitTorrent: extra-locality P2P approach for grid content distribution networks
Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia
Methodology for detection and restraint of p2p applications in the network
ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
Hi-index | 0.00 |
Since the widespread adoption of peer-to-peer (P2P) networking during the late ý90s, P2P applications have multiplied. Their diffusion and adoption are witnessed by the fact that P2P traffic accounts for a significant fraction of Internet traffic. Further, there are concerns regarding the use of these applications, for instance when they are employed to share copyright protected material. Hence, in many situations there would be many reasons to detect P2P traffic. In the late ý90s, P2P traffic was easily recognizable since P2P protocols used application-specific TCP or UDP port numbers. However, P2P applications were quickly empowered with the ability to use arbitrary ports in an attempt to go undetected. Nowadays, P2P applications explicitly try to camouflage the originated traffic in an attempt to go undetected. Despite the presence of rules to detect P2P traffic, no methodology exists to extract them from applications without the use of reverse engineering. In this paper we develop a methodology to detect P2P traffic. It is based on the analysis of the protocol used by a P2P application, extraction of specific patterns unique to the protocol, coding of such a pattern in rules to be fed to an Intrusion Detection System (IDS), and validation of the pattern via network traffic monitoring with SNORT (an open source IDS) fed with the devised rules. In particular, we present a characterization of P2P traffic originated by the OpenNap and WPN protocols (implemented in the WinMx application) and FastTrack protocol (used by KaZaA) obtained using our methodology, that shows the viability of our proposal. Finally, we conclude the paper exposing our undergoing efforts in the extension of the methodology to exploit differences between