Non-intrusive Identification of Peer-to-Peer Traffic

A Ulliac, BV Ghita

Research output: Contribution to journal, Conference proceedings published in a journal, peer-review

Abstract

Peer-to-peer protocols are increasingly implementing encryption and port randomisation to circumvent detection by traditional, signature-based classification systems. This paper proposes a novel method of identifying hosts and connections generating peer-to-peer traffic by observing the statistical attributes of the traffic. The method builds on existing statistics-based detection, but it uses a two-stage neural network to process the data and identify the peer-to-peer connections. A full architecture is also proposed to link the detection with a module that produces ACL rules, allowing the peer-to-peer traffic to be segregated and blocked or shaped in real time. The method was tested on real traffic, achieving accuracy between 85% and 98% at detecting peer-to-peer traffic from two packet traces.
Original language: English
Pages (from-to): 116-121
Number of pages: 0
Journal: Communication Theory, Reliability, and Quality of Service (CTRQ), 2010 Third International Conference on
DOI: 10.1109/CTRQ.2010.27
Volume: 0
Issue number: 0
Publication status: Published - 2010
Event: Communication Theory, Reliability, and Quality of Service (CTRQ), 2010 Third International Conference on
Duration: 1 Jan 2010 → …
