A methodology for P2P file-sharing traffic detection

Angelo Spognardi, Alessandro Lucarelli, Roberto Di Pietro

Research output: Chapter in Book/Report/Conference proceedingConference contribution

40 Scopus citations

Abstract

Since the widespread adoption of peer-to-peer (P2P) networking during the late '90s, P2P applications have multiplied. Their diffusion and adoption are witnessed by the fact that P2P traffic accounts for a significant fraction of Internet traffic. Further, there are concerns regarding the use of these applications, for instance when they are employed to share copyright protected material. Hence, in many situations there would be many reasons to detect P2P traffic. In the late '90s, P2P traffic was easily recognizable since P2P protocols used application-specific TCP or UDP port numbers. However, P2P applications were quickly empowered with the ability to use arbitrary ports in an attempt to go undetected. Nowadays, P2P applications explicitly try to camouflage the originated traffic in an attempt to go undetected. Despite the presence of rules to detect P2P traffic, no methodology exists to extract them from applications without the use of reverse engineering. In this paper we develop a methodology to detect P2P traffic. It is based on the analysis of the protocol used by a P2P application, extraction of specific patterns unique to the protocol, coding of such a pattern in rules to be fed to an Intrusion Detection System (IDS), and validation of the pattern via network traffic monitoring with SNORT (an open source IDS) fed with the devised rules. In particular, we present a characterization of P2P traffic originated by the OpenNap and WPN protocols (implemented in the WinMx application) and FastTrack protocol (used by KaZaA) obtained using our methodology, that shows the viability of our proposal. Finally, we conclude the paper exposing our undergoing efforts in the extension of the methodology to exploit differences between centralized and decentralized P2P protocols, as well as the characterization of encrypted traffic, and highlight a new research direction in the identification of P2P traffic. © 2005 IEEE.
Original languageEnglish (US)
Title of host publicationProceedings - Second International Workshop on Hot Topics in Peer-to-Peer Systems, HOT-P2P 2005
Pages52-61
Number of pages10
DOIs
StatePublished - Dec 1 2005
Externally publishedYes

Fingerprint

Dive into the research topics of 'A methodology for P2P file-sharing traffic detection'. Together they form a unique fingerprint.

Cite this