- authors
Introduction
This paper discusses a new approach to identifying P2P traffic by profiling the specific traffic patterns that the P2P overlay introduces into the network. From these profiles we can show the "periodic behavior" of the overlay, and these behaviors can help us identify the system running on the network without port monitoring or payload inspection.
The paper introduces a novel approach, the Two-Phase Transformation approach.
Experiment Design
The research distinguishes 2 kinds of periodic group communication:
1. control plane - control signals for the overlay
2. data plane - actual data flows in the overlay network
The research also identified three (3) major types of periodic behavior or pattern:
1. Buffermap exchange
- typical of P2P streaming
- peers exchange buffer information periodically using buffer maps
- mechanic for limiting download rate of peers
- introduces periodic data flows
- used in BitTorrent
- PBS pattern identification done on a selected PC on the network
- packet detection using Wireshark
1. capture inbound and outbound packets
2. graph packet traffic on a timeline
3. Auto-correlation of the timeline
4. Discrete Fourier Transform
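Steps 2 to 4 above, as an added example that is not code from the paper: a pure-Python sketch that bins packet timestamps into a timeline, autocorrelates it, and takes the DFT of the autocorrelation to recover the dominant period. The function names, the 0.5 s bin width and the constructed capture (a 6-packet burst every 4 s plus random background packets) are assumptions made for illustration.

```python
import cmath
import random

def bin_packets(timestamps, bin_width, duration):
    """Step 2: packets per time bin, i.e. the traffic timeline."""
    series = [0] * int(duration / bin_width)
    for t in timestamps:
        i = int(t / bin_width)
        if 0 <= i < len(series):
            series[i] += 1
    return series

def autocorrelation(series):
    """Step 3: normalised autocorrelation of the mean-removed timeline, lags 0..n/2-1."""
    n = len(series)
    mean = sum(series) / n
    x = [v - mean for v in series]
    var = sum(v * v for v in x)
    if var == 0:  # constant traffic carries no periodic component
        return [0.0] * (n // 2)
    return [sum(x[i] * x[i + lag] for i in range(n - lag)) / var
            for lag in range(n // 2)]

def dominant_period(acf, bin_width):
    """Step 4: DFT of the autocorrelation; period in seconds of the strongest non-DC bin."""
    m = len(acf)
    best_k, best_mag = 0, 0.0
    for k in range(1, m // 2 + 1):
        mag = abs(sum(a * cmath.exp(-2j * cmath.pi * k * j / m)
                      for j, a in enumerate(acf)))
        if mag > best_mag:
            best_k, best_mag = k, mag
    return m * bin_width / best_k if best_k else None

def sample_capture(duration=120.0, period=4.0, seed=7):
    """Constructed capture: a 6-packet burst every `period` seconds plus random noise."""
    rng = random.Random(seed)
    ts = [start * period + off
          for start in range(int(duration / period))
          for off in (0.1, 0.3, 0.6, 0.8, 1.2, 1.6)]
    ts += [rng.uniform(0, duration) for _ in range(60)]  # aperiodic background packets
    return sorted(ts)

if __name__ == "__main__":
    acf = autocorrelation(bin_packets(sample_capture(), 0.5, 120.0))
    print("dominant period (s):", dominant_period(acf, 0.5))
```

In practice the timestamps would come from the Wireshark capture of step 1, and the recovered period is what gets compared against a known client's profile.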
Results
- PBS profiles for a majority of P2PTV clients such as TVAnts, Sopcast, PPStream, eMule, Joost, PPMate, PPLive, TVKoo and UUSee
- Tested using 2 scenarios: a computer inside the LAN and a computer connecting through a DSL connection
- Tested the usefulness of PBS profiles by capturing traffic for two days at the campus gateway. Results identified running P2P traffic with 100% accuracy
- Testing for identifying P2P traffic using PBS not sufficient in terms of number of experiments
- PBS profiles were generated using traffic inbound and outbound of a certain node, not gateway traffic. This could introduce inaccuracy in PBS profiles
- Packet header confirmation still needed.