A NEW APPROACH TO DETECT P2P TRAFFIC BASED ON SIGNATURES ANALYSIS

Authors

  • Mazri A. Blida1
  • Mehdi M. Blida1

DOI:

https://doi.org/10.47820/recima21.v5i3.4994

Keywords:

Peer-to-Peer (P2P), digital signatures E-Donkey, Snort IDS

Abstract

In recent years, peer-to-peer (P2P) networks have gained more popularity in the form of file-sharing applications, such as uTorrent and eMule, that use BitTorrent and eDonkey protocols. With such popularity comes security risks and external attacks; the latter is often associated with information hacking. In this paper, we will introduce a new way to monitor and detect the use of each of the P2P applications within the corporate network.

Based on the inspection of traffic packets in order to extract digital signatures of these applications using the open-source packet analysis program "Wireshark," in addition to using the well-known Snort intrusion detection system (IDS) with a number of adequate and new rules, this solution can allow us to receive powerful warning messages that detect the presence of P2P applications inside the network. We implemented our rules in Snort IDS. Over a period of time, this solution allowed us to achieve 96% effectiveness in detecting the presence of P2P applications.

Downloads

Download data is not yet available.

Author Biographies

  • Mazri A., Blida1

    DIC, Laboratory, Electronics Department, University Blida, Algeria.

     

  • Mehdi M., Blida1

    DIC, Laboratory, Electronics Department, University Blida, Algeria.

     

References

Saxena P, Sharma SK. Analysis of network traffic by using packet sniffing tool: Wireshark. International Journal of Advance Research, Ideas and Innovations in Technology. 2017;3(6):804-808.‏

Sen S, Wang J. Analyzing peer-to-peer traffic across large networks. IEEE/ACM Transactions on Networking. 2004;12(2):219–232. doi:10.1109/tnet.2004.826277 DOI: https://doi.org/10.1109/TNET.2004.826277

Hwang IS, Rianto A, Pakpahan AF. Peer-to-peer file sharing architecture for software-defined TWDM-PON. Journal of Internet Technology. 2020;21(1):23-32.‏

Shoab M, Jubayrin S. A. Intelligent neighbor selection for efficient query routing in unstructured P2P networks using Q-learning. Applied Intelligence. 2021;52(6):6306–6315. doi:10.1007/s10489-021-02793-6 DOI: https://doi.org/10.1007/s10489-021-02793-6

T2021_21 Risks of File Sharing (15th December 2021), Guyana National CIRT, URL: https://cirt.gy/Tips?page=5, 2021.

BitTorrent, Inc. (n.d.). ΜTorrent (uTorrent): A very tiny BitTorrent client. Retrieved from https://www.utorrent.com/, 2023.

Project.net - official emule homepage. downloads, help, docu, news... (n.d.). Retrieved from https://www.emule-project.com/home/perl/general.cgi?l=1&rm=download, 2024.

Jaw E, Wang, X. A novel hybrid-based approach of Snort Automatic Rule Generator and security event correlation (SARG-SEC). PeerJ Computer Science. 2022;8. doi:10.7717/peerj-cs.900. DOI: https://doi.org/10.7717/peerj-cs.900

Mehdi M. Interception of P2P Traffic in a Campus Network. Romanian Journal of Information Technology & Automatic Control/Revista Română de Informatică și Automatică. 2019;29(2):21-34‏. doi:10.33436/v29i2y201902. DOI: https://doi.org/10.33436/v29i2y201902

Locher T, Schmid S, Wattenhofer R. edonkey & emule's kad: Measurements & attacks. Fundamenta Informaticae. 2011;109(4):383-403, doi:10.3233/fi-2011-518. DOI: https://doi.org/10.3233/FI-2011-518

‏Andrew Loewenstern, A. N. (n.d.). BitTorrent.org. Retrieved from https://www.bittorrent.org/beps/bep_0005.html. 2008.

Downloads

Published

06/03/2024

How to Cite

A NEW APPROACH TO DETECT P2P TRAFFIC BASED ON SIGNATURES ANALYSIS. (2024). RECIMA21 - Revista Científica Multidisciplinar - ISSN 2675-6218, 5(3), e534994. https://doi.org/10.47820/recima21.v5i3.4994