IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca

In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, PeerRush goes beyond P2P traffic detection, and can accurately categorize the detected P2P traffic and attribute it to specific P2P applications, including malicious applications such as P2P botnets. PeerRush achieves these results without the need of deep packet inspection, and can accurately identify applications that use encrypted P2P traffic. We implemented a prototype version of PeerRush and performed an extensive evaluation of the system over a variety of P2P traffic datasets. Our results show that we can detect all the considered types of P2P traffic with up to 99.5% true positives and 0.1% false positives. Furthermore, PeerRush can attribute the P2P traffic to a specific P2P application with a misclassification rate of 0.68% or less.

PeerRush : mining for unwanted P2P traffic / B. Rahbarinia, R. Perdisci, A. Lanzi, K. Li (LECTURE NOTES IN COMPUTER SCIENCE). - In: Detection of intrusions and malware, and vulnerability assessment / [a cura di] K. Rieck, P. Stewin, J.-P. Seifert. - Berlin : Springer, 2013 Jul. - ISBN 9783642392344. - pp. 62-82 (( Intervento presentato al 10. convegno International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) tenutosi a Berlin nel 2013 [10.1007/978-3-642-39235-1_4].

PeerRush : mining for unwanted P2P traffic

A. Lanzi
Penultimo
;
2013

Abstract

In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, PeerRush goes beyond P2P traffic detection, and can accurately categorize the detected P2P traffic and attribute it to specific P2P applications, including malicious applications such as P2P botnets. PeerRush achieves these results without the need of deep packet inspection, and can accurately identify applications that use encrypted P2P traffic. We implemented a prototype version of PeerRush and performed an extensive evaluation of the system over a variety of P2P traffic datasets. Our results show that we can detect all the considered types of P2P traffic with up to 99.5% true positives and 0.1% false positives. Furthermore, PeerRush can attribute the P2P traffic to a specific P2P application with a misclassification rate of 0.68% or less.
Botnets; P2P; Traffic Classification
Settore INF/01 - Informatica
lug-2013
Book Part (author)
03 - Contributo in volume
File in questo prodotto:
File Dimensione Formato  
dimva13_peerrush.pdf

accesso riservato

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 347.18 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
347.18 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
chp%3A10.1007%2F978-3-642-39235-1_4.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 317.29 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
317.29 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/233531
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 44
  • ???jsp.display-item.citation.isi??? ND
  • OpenAlex ND
social impact