New Heuristics for Node and Flow Detection in eDonkey-based Services

Abstract

The development and use of applications based on peer-to-peer (P2P) networks have grown exponentially in recent years. In fact, the traffic generated by these applications now accounts for almost 80% of all network bandwidth. For this reason, the interest of Internet Service Providers (ISPs) in classifying this large amount of traffic has also grown considerably. In this context, the present paper describes two detection algorithms for eDonkey services. The first one is aimed at detecting eDonkey flows. It is based on the hypothesis that clients that initiate connections are the ones that send the information. The second algorithm has been developed to detect nodes that generate eDonkey traffic. It is based on the hypothesis that the up-rate of these nodes follows a constant pattern over time. Both detection algorithms have been tested on three different groups of network traces. As a result, our detection hypotheses are verified. Additionally, the experiments carried out show that the proposed algorithms have a high classification rate and a low false positive rate.

Publication
In The Third International Conference on Advances in P2P Systems (AP2PS11)
Rafael A. Rodríguez-Gómez
Associate Professor

My research interests include network security, the early detection of new threats, and adversarial machine learning attack-defense methods in the cybersecurity field.