Graduate School and Research Center in Digital Sciences

PeerRush: mining for unwanted P2P traffic

Rahbarinia, Babak; Perdisci, Roberto; Lanzi, Andrea; Li, Kang

DIMVA 2013, 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 17-19, 2013, Berlin, Germany / Also published in LNCS 7967/2013

Best Paper Award

In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, PeerRush goes beyond P2P traffic detection, and can accuratelycategorize the detected P2P traffic and attribute it to specific P2P applications, including malicious applications such as P2P botnets. PeerRush achieves these results without the need of deep packet inspection, and can accurately identify applications that use encrypted P2P traffic. We implemented a prototype version of PeerRush and performed an extensive evaluation of the system over a variety of P2P traffic datasets. Our results show that we can detect all the considered types of P2P traffic with up to 99.5% true positives and 0.1% false positives. Furthermore, PeerRush can attribute the P2P traffic to a specific P2P application with a misclassification rate of 0.68% or less.

Document Doi Bibtex

Title:PeerRush: mining for unwanted P2P traffic
Keywords:P2P, Traffic classification, Botnets
Type:Conference
Language:English
City:Berlin
Country:GERMANY
Date:
Department:Digital Security
Eurecom ref:4101
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in DIMVA 2013, 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 17-19, 2013, Berlin, Germany / Also published in LNCS 7967/2013 and is available at : http://dx.doi.org/10.1007/978-3-642-39235-1_4
Bibtex: @inproceedings{EURECOM+4101, doi = {http://dx.doi.org/10.1007/978-3-642-39235-1_4}, year = {2013}, title = {{P}eer{R}ush: mining for unwanted {P}2{P} traffic}, author = {{R}ahbarinia, {B}abak and {P}erdisci, {R}oberto and {L}anzi, {A}ndrea and {L}i, {K}ang }, booktitle = {{DIMVA} 2013, 10th {I}nternational {C}onference on {D}etection of {I}ntrusions and {M}alware, and {V}ulnerability {A}ssessment, {J}uly 17-19, 2013, {B}erlin, {G}ermany / {A}lso published in {LNCS} 7967/2013}, address = {{B}erlin, {GERMANY}}, month = {07}, url = {http://www.eurecom.fr/publication/4101} }
See also: