Anomaly Detection in P2P Networks Using Markov Modelling

The popularity of P2P networks makes them an attractive target for attackers. Vulnerabilities in the software used for P2P networking are a serious threat to users and to the community as a whole. Intrusion detection techniques have traditionally been applied to prevent and mitigate these risks. In this work in progress, a Markov-based technique is applied to the detection of anomalies in the usage of P2P protocols. The detector searches for two kinds of anomalies: those that appear in the structure, grammar and semantics of individual protocol messages, and those associated with the sequence of messages (protocol sessions). Previous results with other protocols, such as HTTP and DNS, confirm the potential of the approach.
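The abstract does not spell out the model, so the following is an added illustration rather than the authors' code: one first-order Markov chain class with additive smoothing, trained on attack-free sequences and applied at both levels the abstract names. At the message level the symbols are the field tokens a protocol parser would emit for one message (the parser itself is not shown; the token lists are constructed here); at the session level the symbols are message types. All message-type and field names, the training sessions and the two anomalous inputs are constructed for the example and only loosely resemble an eDonkey-style download exchange. The threshold rule (lowest training score minus a slack) is also an assumption of this example, not something the abstract specifies.

```python
"""Markov-chain anomaly scoring for P2P protocol messages and sessions.

Added illustration, not the paper's code. The same first-order chain is
used for two token streams: the field sequence inside one message
(structure/grammar anomalies) and the message-type sequence of a session
(protocol-session anomalies). All names and data below are constructed.
"""
import math
from collections import defaultdict

START, END = "<s>", "</s>"


class MarkovModel:
    """First-order Markov chain with additive (Laplace-style) smoothing."""

    def __init__(self, alpha=0.01):
        self.alpha = alpha                  # pseudo-count given to unseen transitions
        self.counts = defaultdict(lambda: defaultdict(int))
        self.symbols = {START, END}
        self.threshold = None

    def train(self, sequences, slack=0.5):
        """Count transitions on attack-free data, then put the threshold
        `slack` nats below the lowest per-transition score seen in training
        (assumed calibration rule; more training data gives a tighter bound)."""
        for seq in sequences:
            prev = START
            for sym in list(seq) + [END]:
                self.counts[prev][sym] += 1
                self.symbols.add(sym)
                prev = sym
        self.threshold = min(self.score(s) for s in sequences) - slack
        return self.threshold

    def transition_logprob(self, prev, sym):
        row = self.counts.get(prev, {})
        total = sum(row.values())
        vocab = len(self.symbols)
        # Unseen transitions get probability alpha/(total + alpha*vocab): small, never zero.
        return math.log((row.get(sym, 0) + self.alpha) / (total + self.alpha * vocab))

    def score(self, seq):
        """Average log-probability per transition, so sessions of different
        length are comparable; one unseen transition pulls it sharply down."""
        seq = list(seq) + [END]
        prev, logp = START, 0.0
        for sym in seq:
            logp += self.transition_logprob(prev, sym)
            prev = sym
        return logp / len(seq)

    def is_anomalous(self, seq):
        return self.score(seq) < self.threshold


# --- Session level: constructed message-type sequences of normal download sessions ---
NORMAL_SESSIONS = [
    ["HELLO", "HELLO_ANSWER", "FILE_REQUEST", "FILE_REQ_ANSWER", "START_UPLOAD",
     "ACCEPT_UPLOAD", "SENDING_PART", "SENDING_PART", "SENDING_PART", "END_OF_DOWNLOAD"],
    ["HELLO", "HELLO_ANSWER", "FILE_REQUEST", "FILE_REQ_ANSWER", "START_UPLOAD",
     "ACCEPT_UPLOAD", "SENDING_PART", "SENDING_PART", "END_OF_DOWNLOAD"],
    ["HELLO", "HELLO_ANSWER", "FILE_REQUEST", "FILE_REQ_ANSWER", "END_OF_DOWNLOAD"],
    ["HELLO", "HELLO_ANSWER", "FILE_REQUEST", "FILE_REQ_ANSWER", "START_UPLOAD",
     "ACCEPT_UPLOAD", "SENDING_PART", "SENDING_PART", "SENDING_PART", "SENDING_PART",
     "END_OF_DOWNLOAD"],
]
HELD_OUT_NORMAL_SESSION = ["HELLO", "HELLO_ANSWER", "FILE_REQUEST", "FILE_REQ_ANSWER",
                           "START_UPLOAD", "ACCEPT_UPLOAD", "SENDING_PART", "END_OF_DOWNLOAD"]
# Peer requests an upload slot without the file request/answer negotiation (constructed).
SKIPPED_NEGOTIATION_SESSION = ["HELLO", "HELLO_ANSWER", "START_UPLOAD", "ACCEPT_UPLOAD",
                               "SENDING_PART", "SENDING_PART", "END_OF_DOWNLOAD"]

# --- Message level: constructed field-token sequences of well-formed FILE_REQUEST messages ---
NORMAL_MESSAGES = [
    ["OPCODE", "FILE_HASH", "TAG_COUNT", "TAG_NAME", "TAG_SIZE"],
    ["OPCODE", "FILE_HASH", "TAG_COUNT", "TAG_NAME"],
    ["OPCODE", "FILE_HASH", "TAG_COUNT", "TAG_NAME", "TAG_SIZE", "TAG_TYPE"],
    ["OPCODE", "FILE_HASH", "TAG_COUNT", "TAG_NAME", "TAG_SIZE"],
]
# Same opcode, but the name tag is repeated six times: a grammatically odd message (constructed).
REPEATED_TAG_MESSAGE = ["OPCODE", "FILE_HASH", "TAG_COUNT"] + ["TAG_NAME"] * 6


def build_session_detector():
    model = MarkovModel()
    model.train(NORMAL_SESSIONS)
    return model


def build_message_detector():
    model = MarkovModel()
    model.train(NORMAL_MESSAGES)
    return model


if __name__ == "__main__":
    sessions, messages = build_session_detector(), build_message_detector()
    for name, model, seq in [("held-out normal session", sessions, HELD_OUT_NORMAL_SESSION),
                             ("skipped negotiation", sessions, SKIPPED_NEGOTIATION_SESSION),
                             ("normal message", messages, NORMAL_MESSAGES[0]),
                             ("repeated tag message", messages, REPEATED_TAG_MESSAGE)]:
        print(f"{name:24s} score={model.score(seq):7.3f} "
              f"threshold={model.threshold:7.3f} anomalous={model.is_anomalous(seq)}")
```

Scoring per transition rather than per session is what makes a short session and a long one comparable; the price is that a single bad transition is diluted in a very long session, so a deployment would also want a per-transition floor. The two detectors are independent: a session whose every message is well formed can still be flagged for an impossible message order, and vice versa.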
