Abstract
Peer-to-peer protocols are increasingly implementing encryption and port randomisation to circumvent detection by traditional, signature-based classification systems. This paper proposes a novel method of identifying hosts and connections generating peer-to-peer traffic by observing the statistical attributes of the traffic. The method builds on existing statistical-based detection, but it uses a two-stage neural network to process the data and identify the peer-to-peer connections. A full architecture is also proposed to link the detection with a module producing ACL rules allowing segregating and blocking or shaping the peer-to-peer traffic in real time. The method was tested on real traffic, achieving accuracy between 85% and 98% at detecting peer-to-peer traffic from two packet traces.
Original language | English |
---|---|
Pages (from-to) | 116-121 |
Number of pages | 0 |
Journal | Communication Theory, Reliability, and Quality of Service (CTRQ), 2010 Third International Conference on DOI - 10.1109/CTRQ.2010.27 |
Volume | 0 |
Issue number | 0 |
Publication status | Published - 2010 |
Event | Communication Theory, Reliability, and Quality of Service (CTRQ), 2010 Third International Conference on - Duration: 1 Jan 2010 → … |