2016 | OriginalPaper | Chapter

Unwanted Traffic Identification in Large-Scale University Networks: A Case Study

Authors : Chittaranjan Hota, Pratik Narang, Jagan Mohan Reddy

Published in: Big Data Analytics

Publisher: Springer India

Abstract

To mitigate the malicious impact of P2P traffic on University networks, in this article the authors propose the design of payload-oblivious, privacy-preserving P2P traffic detectors. The proposed detectors do not rely on payload signatures and are therefore resilient to P2P client and protocol changes, a phenomenon that is becoming increasingly frequent with newer, more popular P2P clients and protocols. The article also discusses newer designs that accurately distinguish P2P botnets from benign P2P applications. The datasets gathered from the testbed and other sources range from Gigabytes to Terabytes and contain both unstructured and structured data assimilated by running various applications within the University network. The approaches proposed in this article describe novel ways to handle the large amounts of data collected at unprecedented scale in the authors' University network.

Metadata

Title: Unwanted Traffic Identification in Large-Scale University Networks: A Case Study
Authors: Chittaranjan Hota, Pratik Narang, Jagan Mohan Reddy
Copyright Year: 2016
Publisher: Springer India
DOI: https://doi.org/10.1007/978-81-322-3628-3_9