An Omnibus Identification of BitTorrent Traffic in a Stub Network

Accurate, real-time identification of P2P traffic is especially important for network management, because such traffic seriously affects the QoS of normal network services. In this paper, we propose an omnibus approach to identify BitTorrent (BT) traffic in real time. We apply application signatures to identify unencrypted traffic. For encrypted BT traffic, we propose a message stream model based on the handshakes of the Message Stream Encryption (MSE) protocol, which BT uses to obfuscate its traffic. Finally, we propose a pre-identification method based on BT signaling analysis, which can predict BT flows and distinguish them at the first packet of each TCP flow, the one carrying only the SYN flag. We use modified Vuze clients to generate and label BT traffic in real traffic traces, which helps us to evaluate our omnibus approach with high accuracy. The results indicate that our approach can identify BT traffic at the very beginning of, or even before, the TCP flow.
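The following sketch is an added example, not code from the paper. It illustrates two of the ideas above: matching the plaintext BT handshake signature on the first payload of a flow, and labelling a SYN packet by looking up its destination among endpoints learned from signaling. It assumes that the signaling being analysed is a compact tracker peer list (6 bytes per IPv4 peer); the names `parse_handshake`, `parse_compact_peers` and `SynPredictor` are hypothetical, and all sample data is constructed.

```python
import socket
import struct

PSTR = b"BitTorrent protocol"            # fixed string in the plaintext handshake
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20  # pstrlen, pstr, reserved, info_hash, peer_id

def parse_handshake(payload: bytes):
    """Return handshake fields if the first payload of a flow carries the
    plaintext BT signature, else None."""
    if payload[:1 + len(PSTR)] != bytes([len(PSTR)]) + PSTR:
        return None
    if len(payload) < HANDSHAKE_LEN:       # signature matched, fields cut off
        return {"info_hash": None, "peer_id": None}
    return {"info_hash": payload[28:48].hex(), "peer_id": payload[48:68]}

def parse_compact_peers(blob: bytes):
    """Decode a compact peer list: 6 bytes per peer (IPv4 + big-endian port)."""
    usable = len(blob) - len(blob) % 6     # ignore a trailing partial entry
    return [(socket.inet_ntoa(blob[i:i + 4]), struct.unpack("!H", blob[i + 4:i + 6])[0])
            for i in range(0, usable, 6)]

class SynPredictor:
    """Endpoints learned from signaling; a SYN to one of them is labelled BT.
    Assumption of this example: the table is filled from tracker peer lists."""
    def __init__(self):
        self.expected = set()

    def learn(self, peers):
        self.expected.update(peers)

    def classify_syn(self, dst_ip: str, dst_port: int) -> str:
        return "bt-predicted" if (dst_ip, dst_port) in self.expected else "unknown"

# Constructed sample data (documentation address ranges, made-up peer id).
SAMPLE_HANDSHAKE = bytes([19]) + PSTR + bytes(8) + bytes(range(20)) + b"-XX0000-constructed!"
SAMPLE_PEERS = (socket.inet_aton("192.0.2.10") + struct.pack("!H", 6881)
                + socket.inet_aton("198.51.100.7") + struct.pack("!H", 51413))

if __name__ == "__main__":
    print(parse_handshake(SAMPLE_HANDSHAKE))
    predictor = SynPredictor()
    predictor.learn(parse_compact_peers(SAMPLE_PEERS))
    print(predictor.classify_syn("192.0.2.10", 6881))
    print(predictor.classify_syn("203.0.113.5", 443))
```

Flows obfuscated with MSE never match `parse_handshake`, which is why the abstract treats them with a separate message stream model.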
