Blink: Large-scale P2P network monitoring and visualization system using VM introspection

P2P network is now widely pervasive and increase usability of Internet. However, with the difficulty of tracing flow of P2P traffic, security incident of P2P network has become now serious problem. In this paper we propose Blink, Large-scale P2P network monitoring and visualization system enhanced by VM introspection. We discuss a monitoring and visualizing P2P traffic using the combination of virtualized probe and analyzer on VMM side. In proposed system, probe and monitor are running on guest OS, which is connected to the analyzer and visualizer module on VMM and host OS. Traffic log is transferred to host OS using VM introspection and is analyzed and visualized. Proposed system makes it possible to enhance the analysis and visualization functionality with the least impact of guest OS. Also, proposed system supports large scale traffic log analysis with large amount of disks necessary using storage of host OS. In proposed system we have implemented monitors for two kinds of P2P software: BitTorrent and Winny. Also we have implemented visualization module using Google Earth by translating traffic log file to KML (Keyhole Markup Language). We show system output of visualizing of traffic log of Winny and BitTorrent. We can conclude that proposed system of double-layer architecture can enhance the functionality of analyzing, storing and visualizing P2P traffic logs.