Ecole d'ingénieur et centre de recherche en Sciences du numérique

PeerRush: mining for unwanted P2P traffic

Rahbarinia, Babak; Perdisci, Roberto; Lanzi, Andrea; Li, Kang

DIMVA 2013, 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 17-19, 2013, Berlin, Germany / Also published in LNCS 7967/2013

Best Paper Award

In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, PeerRush goes beyond P2P traffic detection, and can accuratelycategorize the detected P2P traffic and attribute it to specific P2P applications, including malicious applications such as P2P botnets. PeerRush achieves these results without the need of deep packet inspection, and can accurately identify applications that use encrypted P2P traffic. We implemented a prototype version of PeerRush and performed an extensive evaluation of the system over a variety of P2P traffic datasets. Our results show that we can detect all the considered types of P2P traffic with up to 99.5% true positives and 0.1% false positives. Furthermore, PeerRush can attribute the P2P traffic to a specific P2P application with a misclassification rate of 0.68% or less.

Document Doi Bibtex

Titre:PeerRush: mining for unwanted P2P traffic
Mots Clés:P2P, Traffic classification, Botnets
Type:Conférence
Langue:English
Ville:Berlin
Pays:ALLEMAGNE
Date:
Département:Sécurité numérique
Eurecom ref:4101
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in DIMVA 2013, 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 17-19, 2013, Berlin, Germany / Also published in LNCS 7967/2013 and is available at : http://dx.doi.org/10.1007/978-3-642-39235-1_4
Bibtex: @inproceedings{EURECOM+4101, doi = {http://dx.doi.org/10.1007/978-3-642-39235-1_4}, year = {2013}, title = {{P}eer{R}ush: mining for unwanted {P}2{P} traffic}, author = {{R}ahbarinia, {B}abak and {P}erdisci, {R}oberto and {L}anzi, {A}ndrea and {L}i, {K}ang }, booktitle = {{DIMVA} 2013, 10th {I}nternational {C}onference on {D}etection of {I}ntrusions and {M}alware, and {V}ulnerability {A}ssessment, {J}uly 17-19, 2013, {B}erlin, {G}ermany / {A}lso published in {LNCS} 7967/2013}, address = {{B}erlin, {ALLEMAGNE}}, month = {07}, url = {http://www.eurecom.fr/publication/4101} }
Voir aussi: