Anomaly Detection in P2P Networks Using Markov Modelling
Jesús Esteban Díaz Verdejo; Gabriel Maciá-Fernández; Pedro García-Teodoro; Jesús Nuño García
- Abstract:
- The popularity of P2P networks makes them an attractive target for hackers. Potential vulnerabilities in the software used in P2P networking represent a big threat to users and the whole community. To prevent and mitigate the risks, intrusion detection techniques have been traditionally applied. In this work in progress, a Markov-based technique is applied to the detection of anomalies in the usage of P2P protocols. The detector searches for two kinds of anomalies: those that appear in the structure, grammar and semantics of each of the messages in the protocol, and those associated with the sequence of messages (protocol sessions). Previous results from other protocols, such as HTTP and DNS, confirm the potential of the approach.
- Year:
- 2009
- Type of Publication:
- In Proceedings
- Editor:
- Proceedings of the First International Conference on Advances in P2P systems (AP2PS)
- Pages:
- 156-159
- Month:
- October