Inherent Behaviors for On-line Detection of Peer-to-Peer File Sharing. Bartlett, G., Heidemann, J., & Papadopoulos, C. In Proceedings of the 10thIEEE Global Internet Symposium, Anchorage, Alaska, USA, May, 2007. IEEE. An extended version of this paper is available as ISI-TR-2006-627
Inherent Behaviors for On-line Detection of Peer-to-Peer File Sharing [link]Paper  abstract   bibtex   
Blind techniques to detect network applications—approaches that do not consider packet contents—are increasingly desirable because they have fewer legal and privacy concerns, and they can be robust to application changes and intentional cloaking. In this paper we identify several behaviors that are \emphinherent to peer-to-peer (P2P) traffic and demonstrate that they can detect both BitTorrent and Gnutella hosts using only packet header and timing information. We identify three basic behaviors: failed connections, the ratio of incoming and outgoing connections, and the use of unprivileged ports. We show that while individual behaviors are sometimes effective, they work best when used together. We quantify the effectiveness of our approach using two day-long traces, from 2005 and 2006, showing that they are quite accurate: BitTorrent hosts are detected with an 83% true positive rate and only a 2% false positive rate, and Gnutella hosts with a 75% true positive rate and a 4% false postivie rate. Our system is suitable for on-line use, with 75% of BitTorrent hosts detected in less than 10 minutes of trace data.
@InProceedings{Bartlett07a,
	author = "Genevieve Bartlett and John Heidemann and Christos Papadopoulos",
	title = 	"Inherent Behaviors for On-line Detection of
         Peer-to-Peer File Sharing",
	booktitle = 	"Proceedings of the " # "10th" # " IEEE Global Internet Symposium",
	year = 		2007,
	sortdate = 		"2007-05-01",
	month =		may, 
	publisher =	"IEEE",
	address =	"Anchorage, Alaska, USA",
	xxxpages =		"xxx",
	jlocation =	"johnh: pafile",
	note = "An extended version of this paper is available as ISI-TR-2006-627",
	keywords = "peer-to-peer, traffic classification, encryption",
	project = "ant, lander, predict",
	jsubject = "traffic_detection",
	url =		"https://ant.isi.edu/%7ejohnh/PAPERS/Bartlett07a.html",
	pdfurl =		"https://ant.isi.edu/%7ejohnh/PAPERS/Bartlett07a.pdf",
	myorganization =	"USC/Information Sciences Institute",
	copyrightholder = "IEEE",
	copyrightterms = "	Personal use of this material is permitted.  However, 	permission to reprint/republish this material for advertising 	or promotional purposes or for creating new collective works         for resale or redistribution to servers or lists, 	or to reuse any copyrighted component of this work in other works 	must be obtained from the IEEE. ",
	abstract = "
Blind techniques to detect network applications---approaches that do
not consider packet contents---are increasingly desirable because they
have fewer legal and privacy concerns, and they can be robust to
application changes and intentional cloaking.  In this paper we
identify several behaviors that are \emph{inherent} to peer-to-peer
(P2P) traffic and demonstrate that they can detect both BitTorrent and
Gnutella hosts using only packet header and timing information.  We
identify three basic behaviors:  failed connections, the ratio of
incoming and outgoing connections, and the use of unprivileged ports.
We show that while individual behaviors are sometimes effective, they
work best when used together.  We quantify the effectiveness of our
approach using two day-long traces, from 2005 and 2006, showing that
they are quite accurate:  BitTorrent hosts are detected with an 83\%
true positive rate and only a 2\% false positive rate, and Gnutella
hosts with a 75\% true positive rate and a 4\% false postivie rate.
Our system is suitable for on-line use, with 75\% of BitTorrent hosts
detected in less than 10 minutes of trace data.
",
}
Downloads: 0
About
Documentation
Keywords
Search
Users
Terms and Conditions of Use
Privacy Policy
Sitemap
© BibBase.org 2021