Department of Computer Science and Information Systems
Permanent URI for this collection: http://localhost:4000/handle/123456789/1928
10 results
Search Results
Item PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations (IEEE, 2014) Narang, Pratik
The decentralized nature of Peer-to-Peer (P2P) botnets makes them difficult to detect. Their distributed nature also exhibits resilience against take-down attempts. Moreover, smarter bots are stealthy in their communication patterns, and elude the standard discovery techniques which look for anomalous network or communication behavior. In this paper, we propose Peer Shark, a novel methodology to detect P2P botnet traffic and differentiate it from benign P2P traffic in a network. Instead of the traditional 5-tuple 'flow-based' detection approach, we use a 2-tuple 'conversation-based' approach which is port-oblivious, protocol-oblivious and does not require Deep Packet Inspection. Peer Shark could also classify different P2P applications with an accuracy of more than 95%.

Item PeerShark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification (Springer, 2014-10) Narang, Pratik
The distributed and decentralized nature of peer-to-peer (P2P) networks has offered a lucrative alternative to bot-masters to build botnets. P2P botnets are not prone to any single point of failure and have been proven to be highly resilient against takedown attempts. Moreover, smarter bots are stealthy in their communication patterns and elude the standard discovery techniques which look for anomalous network or communication behavior. In this paper, we present a methodology to detect P2P botnet traffic and differentiate it from benign P2P traffic in a network. Our approach neither assumes the availability of any ‘seed’ information of bots nor relies on deep packet inspection. It aims to detect the stealthy behavior of P2P botnets. That is, we aim to detect P2P botnets when they lie dormant (to evade detection by intrusion detection systems) or while they perform malicious activities (spamming, password stealing, etc.) in a manner which is not observable to a network administrator. Our approach PeerShark combines the benefits of flow-based and conversation-based approaches with a two-tier architecture, and addresses the limitations of these approaches. By extracting statistical features from the network traces of P2P applications and botnets, we build supervised machine learning models which can accurately differentiate between benign P2P applications and P2P botnets. PeerShark could also detect unknown P2P botnet traffic with high accuracy.

Item Noise-resistant mechanisms for the detection of stealthy peer-to-peer botnets (Elsevier, 2016-12) Narang, Pratik
The problem of detection of malicious network traffic is adversarial in nature. Accurate detection of stealthy Peer-to-Peer botnets is an ongoing research problem. Past research on detection of P2P botnets has frequently used machine learning algorithms to build detection models. However, most prior work lacks the evaluation of such detection models in the presence of deliberate injection of noise by an adversary. Furthermore, detection of P2P botnets in the presence of benign P2P traffic has received little attention from the research community. This work proposes a novel approach for the detection of stealthy P2P botnets (in presence of benign P2P traffic) using conversation-based mechanisms and new features based on Fourier transforms and information entropy. We use real-world botnet data to compare the performance of our features with traditional ‘flow-based’ features employed by past research, and demonstrate that our approach is more resilient towards the injection of noise in the communication patterns by an adversary. We build detection models with multiple supervised machine learning algorithms. With our approach, we could detect P2P botnet traffic in the presence of injected noise with True Positive rate as high as 90%.

Item Adaptive lookup for unstructured peer-to-peer overlays (IEEE, 2008) Haribabu, K
Scalability and efficient global search in unstructured peer-to-peer overlays have been extensively studied in the literature. The global search comes at the expense of local interactions between peers. Most of the unstructured peer-to-peer overlays do not provide any performance guarantee. In this work we propose a novel Quality of Service enabled lookup for unstructured peer-to-peer overlays that will allow the user's query to traverse only those overlay links which satisfy the given constraints. Additionally, it also improves the scalability by judiciously using the overlay resources. Our approach selectively forwards the queries using QoS metrics like latency, bandwidth, and overlay link status so as to ensure improved performance in a scenario where the degree of peer joins and leaves are high. User is given only those results which can be downloaded with the given constraints. Also, the protocol aims at minimizing the message overhead over the overlay network.

Item Indexing through Querying in Unstructured Peer-to-Peer Overlay Networks (Springer, 2008) Haribabu, K
The efficiency of a Peer-to-Peer file sharing overlay is measured in terms of the scalability and versatility of its object lookup strategy. In these networks peers carry out distributed query relaying to discover the service providers. Existing lookup mechanisms like flooding and random walks in unstructured P2P overlays create huge communication overhead and increased response time. In this work we propose efficient lookup in unstructured peer-to-peer overlay networks using indexing through querying, distributing indices through queries. Our simulation studies show that by our approach more than 97% of the queries are answered in one hop and the rest in few hops thus reducing the network load. Our approach is efficient in worst case scenarios where contents are distributed over thousands of peers and the overlay network condition is highly dynamic.

Item Detecting Sybils in Peer-to-Peer File Replication Systems (Springer, 2009) Haribabu, K
The test of a peer-to-peer file sharing network is how efficiently the objects are discovered and retrieved. One of the most important factors that contribute towards this is optimal replication of the objects across the network. One of the security threats to replication model is Sybil attack. In this paper we propose an approach that aims at detecting sybil identities in peer-to-peer file sharing networks. The sybils can corrupt, hide or destroy the replicas in file sharing network. This approach makes use of the fact that sybil doesn’t scale its storage to the factor of its identities. The approach safeguards the availability and accessibility of objects in a peer-to-peer network from sybil attack. Experimental evaluations have shown that our approach works very efficiently in detecting sybils. More than 50% of the sybils were detected in first few seconds of the simulation and loss or damage of objects is reduced to less than .0001%.

Item Enhanced Search in Peer-to-Peer Networks Using Fuzzy Logic (Springer, 2010) Haribabu, K
The efficiency of a Peer-to-Peer file sharing overlay is dependent on the lookup procedure. Huge size of peer-to-peer networks demands a scalable efficient lookup algorithm. In this paper we look at fuzzy logic approach in which we assign probabilities to each node based on the content it has. Lookup is guided by the probabilities. The results show that this algorithm is much better than standard lookup algorithms.

Item Detecting Sybils in Peer-to-Peer Overlays Using Neural Networks and CAPTCHAs (IEEE, 2010) Haribabu, K
Over the years, peer-to-peer networks have emerged as one of the most popular file sharing medium over The Internet, capable of providing user anonymity to the clients if desired. However, modern P2P networks suffer from the bane of malicious entities we refer to as Sybils, which forge multiple identities to negatively influence or even control the entire network. This paper suggests a novel solution to eradicate the Sybil threat using a unique combination of neural networks and CAPTCHA. We capture common behavioral patterns of participating Sybil entities, in terms of certain quantitative variables, and ascertain their true identities by feeding these variables to a neural network, followed by sending CAPTCHA to the alleged entity ensuring a very high success rate in identifying malicious entities in the network. Network simulations have shown the proposed approach to be highly effective in countering the Sybil threat by giving a high degree of accuracy in detecting the malicious nodes.

Item Addressing Challenges in Browser Based P2P Content Sharing Framework Using WebRTC (IEEE, 2016) Haribabu, K; Sinha, Yash
Most of the content sharing applications use the client/server model in which all of group managements are done by the server and this sometimes becomes a communication bottleneck. Installing specialized software for different purposes such as file sharing, video conferencing etc., becomes a barrier for the user. Recent technologies like NodeJs and Socket.io have fostered new ideas the ways web browsers can be used. Moreover, the emerging standards of WebRTC open up new paradigm of direct communication channel between web browsers without relaying the data through a web server. But there are certain issues such as lack of full-fledged threading/concurrency support in the JavaScript language, reliance on synchronous loading etc. that restricts modern day browsers to take full advantage of current multiprocessing capabilities. Although, on one hand there are advantages of using web browsers, such as no requirement of specialized software, benefits of emerging technologies etc., the aforementioned issues pose challenges in implementation in certain areas. In this paper, we have tried to couple the benefits of peer-to-peer (P2P) architecture (elimination of centralized dependency, better scalability, shareability etc.) along with the advantages of recent web technologies (NodeJs, WebRTC etc.) by designing and implementing a browser based P2P content sharing framework. We have addressed the aforementioned challenges of a browser based P2P architecture by providing a mechanism to exchange messages asynchronously and facilitating new peer joins via existing peers in the network, thus reducing the dependency on bootstrap server. Our prototypical implementation demonstrates the feasibility, efficiency and scalability of this lightweight framework, on the top of which a variety of applications can be added as a layer of functionality.

Item A Browser-Based Distributed Framework for Content Sharing and Student Collaboration (Springer, 2017-08) Haribabu, K; Sinha, Yash
The utilization of the networks in education system has become increasingly widespread in recent years. WebRTC has been one of the hottest topics recently when it comes to Web technologies for distributed systems as it enables peer-to-peer (P2P) connectivity between machines with higher reliability and better scalability without the overhead of resource management. In this paper, we propose a browser based, asynchronous framework of a P2P network using distributed, lookup protocol (Chord), NodeJS and RTCDataChannel; which is scalable and lightweight. The design combines the advantages of P2P networks for better and sophisticated education delivery. The framework will facilitate students to share course content and discuss with fellow students without requiring any centralized infrastructure support.