Scholars@Duke

Finding peer-to-peer file-sharing using coarse network behaviors

Publication ,  Conference
Collins, MP; Reiter, MK
Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
January 1, 2006
Published version (DOI)

A user who wants to use a service forbidden by their site's usage policy can masquerade their packets in order to evade detection. One masquerade technique sends prohibited traffic on TCP ports commonly used by permitted services, such as port 80. Users who hide their traffic in this way pose a special challenge, since filtering by port number risks interfering with legitimate services using the same port. We propose a set of tests for identifying masqueraded peer-to-peer file-sharing based on traffic summaries (flows). Our approach is based on the hypothesis that these applications have observable behavior that can be differentiated without relying on deep packet examination. We develop tests for these behaviors that, when combined, provide an accurate method for identifying these masqueraded services without relying on payload or port number. We test this approach by demonstrating that our integrated detection mechanism can identify BitTorrent with a 72% true positive rate and virtually no observed false positives in control services (FTP-Data, HTTP, SMTP). © Springer-Verlag Berlin Heidelberg 2006.

Duke Scholars

Michael Reiter
Author Michael Reiter Computer Science

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

DOI

10.1007/11863908_1

EISSN

1611-3349

ISSN

0302-9743

Publication Date

January 1, 2006

Volume

4189 LNCS

Start / End Page

1 / 17

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Collins, M. P., & Reiter, M. K. (2006). Finding peer-to-peer file-sharing using coarse network behaviors. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4189 LNCS, pp. 1–17). https://doi.org/10.1007/11863908_1
Collins, M. P., and M. K. Reiter. “Finding peer-to-peer file-sharing using coarse network behaviors.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 4189 LNCS:1–17, 2006. https://doi.org/10.1007/11863908_1.
Collins MP, Reiter MK. Finding peer-to-peer file-sharing using coarse network behaviors. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2006. p. 1–17.
Collins, M. P., and M. K. Reiter. “Finding peer-to-peer file-sharing using coarse network behaviors.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4189 LNCS, 2006, pp. 1–17. Scopus, doi:10.1007/11863908_1.
Collins MP, Reiter MK. Finding peer-to-peer file-sharing using coarse network behaviors. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2006. p. 1–17.

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

DOI

10.1007/11863908_1

EISSN

1611-3349

ISSN

0302-9743

Publication Date

January 1, 2006

Volume

4189 LNCS

Start / End Page

1 / 17

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences