Anomaly Detection in P2P Networks Using Markov Modelling

Author

Diaz-Verdejo, Jesus ; Macia-Fernandez, Gabriel ; Garcia-Teodoro, Pedro ; Nuo-Garcia, J.

Author_Institution

Dept. of Signal Theor., Telematics & Commun., Univ. of Granada, Granada, Spain

fYear

2009

fDate

11-16 Oct. 2009

Firstpage

156

Lastpage

159

Abstract

The popularity of P2P networks makes them an attractive target for hackers. Potential vulnerabilities in the software used in P2P networking represent a big threat for users and the whole community. To prevent and mitigate the risks, intrusion detection techniques have been traditionally applied. In this work in progress, a Markov based technique is applied to the detection of anomalies in the usage of P2P protocols. The detector searches for two kinds of anomalies: those that appear in the structure, grammar and semantics of each of the messages in the protocol, and those associated to the sequence of messages (protocol sessions). Previous results from other protocols, as HTTP and DNS, confirm the potentialities of the approach.

Keywords

Markov processes; peer-to-peer computing; protocols; security of data; DNS protocols; HTTP protocols; Markov modelling; P2P networks; P2P protocols; anomaly detection; intrusion detection techniques; Acquired immune deficiency syndrome; Computer hacking; Computer science; Computer security; Electronic mail; Event detection; Intrusion detection; Protocols; Stochastic processes; Telematics; Anomalous behaviour; Intrusion detection; Markov modelling; Network and computer security; P2P networks;

fLanguage

English

Publisher

ieee

Conference_Titel

Advances in P2P Systems, 2009. AP2PS '09. First International Conference on

Conference_Location

Sliema

Print_ISBN

978-1-4244-5084-8

Electronic_ISBN

978-0-7695-3831-0

Type

conf

DOI

10.1109/AP2PS.2009.32

Filename

5359017