Traffic analyzer for differentiating BitTorrent handshake failures from port-scans
Authors

Abstract
This paper aims to improve the accuracy of port-scan detectors by analyzing the traffic of BitTorrent hosts and distinguishing their BitTorrent connection attempts from port-scans. It is shown that, by looking at BitTorrent coordination traffic and modelling port-scanning behavior, the number of BitTorrent-related false positives can be reduced by 80% without any loss of IDS accuracy.
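The abstract states the idea but not the mechanism, and the paper's own heuristics are not on this page. As an added illustration (not the paper's code), the Python below assumes one concrete form of "coordination traffic": the compact peer list a tracker returns to the monitored host (the 6-byte-per-peer encoding of BEP 23). A failed connection attempt whose destination was announced to that host in such a list is counted as a BitTorrent handshake failure; every other failure still feeds a simple failed-connection scan counter. The peer list, the connection log and the threshold of five failures are all constructed.

```python
"""Added example, not the paper's own code: credit failed connections to
peers the host learned from tracker coordination traffic before they reach
the port-scan counter. All inputs below are constructed."""
import struct
from collections import defaultdict


def parse_compact_peers(blob):
    """Decode a BEP 23 compact peer list: 6 bytes per peer (4-byte IPv4, 2-byte big-endian port)."""
    if len(blob) % 6:
        raise ValueError("compact peer list length must be a multiple of 6")
    peers = set()
    for off in range(0, len(blob), 6):
        ip = ".".join(str(b) for b in blob[off:off + 4])
        (port,) = struct.unpack("!H", blob[off + 4:off + 6])
        peers.add((ip, port))
    return peers


# Constructed: peer list a tracker returned to the monitored host 10.0.0.5.
TRACKER_PEERS_BLOB = bytes([
    203, 0, 113, 10, 0x1A, 0xE1,   # 203.0.113.10:6881
    203, 0, 113, 11, 0x1A, 0xE1,   # 203.0.113.11:6881
    203, 0, 113, 12, 0x1A, 0xE1,   # 203.0.113.12:6881
    203, 0, 113, 13, 0x1A, 0xE1,   # 203.0.113.13:6881
    198, 51, 100, 7, 0xC3, 0x50,   # 198.51.100.7:50000
    198, 51, 100, 8, 0xC8, 0xD5,   # 198.51.100.8:51413
])
# src -> peers it was told about (in a real deployment: time-bounded, per torrent)
LEARNED_PEERS = {"10.0.0.5": parse_compact_peers(TRACKER_PEERS_BLOB)}

# Constructed connection log: (src, dst, dst_port, outcome); outcome is
# "established", "rst" (SYN answered by RST) or "timeout" (SYN never answered).
CONN_LOG = [
    ("10.0.0.5", "203.0.113.10", 6881, "established"),
    ("10.0.0.5", "203.0.113.11", 6881, "timeout"),   # announced peer, offline
    ("10.0.0.5", "203.0.113.12", 6881, "timeout"),
    ("10.0.0.5", "203.0.113.13", 6881, "rst"),       # announced peer, firewalled
    ("10.0.0.5", "198.51.100.7", 50000, "rst"),
    ("10.0.0.5", "198.51.100.8", 51413, "timeout"),
    ("10.0.0.5", "192.0.2.44", 6881, "timeout"),     # never announced: stays a candidate
] + [("192.0.2.99", "10.0.0.%d" % i, 22, "rst") for i in range(1, 9)]  # a real scanner


def split_failures(conn_log, learned_peers):
    """Per source, count failed attempts explained by coordination traffic vs. unexplained ones."""
    stats = defaultdict(lambda: {"bt_failures": 0, "scan_candidates": 0})
    for src, dst, dport, outcome in conn_log:
        if outcome == "established":
            continue
        key = "bt_failures" if (dst, dport) in learned_peers.get(src, ()) else "scan_candidates"
        stats[src][key] += 1
    return dict(stats)


def scan_alerts(conn_log, learned_peers, threshold=5, use_bt_filter=True):
    """Sources whose unexplained failed attempts reach the threshold (a plain failed-connection detector)."""
    stats = split_failures(conn_log, learned_peers if use_bt_filter else {})
    return {src for src, s in stats.items() if s["scan_candidates"] >= threshold}


if __name__ == "__main__":
    print(split_failures(CONN_LOG, LEARNED_PEERS))
    print("without filter:", scan_alerts(CONN_LOG, LEARNED_PEERS, use_bt_filter=False))
    print("with filter:   ", scan_alerts(CONN_LOG, LEARNED_PEERS))
```

Without the filter the BitTorrent host trips the threshold alongside the scanner; with it, only the scanner does. The filter is not a blanket exemption: the host's failure to 192.0.2.44, which no tracker announced, still counts, so a host that probes addresses it was never told about keeps accumulating candidates. Peers learned through DHT or PEX would need the same treatment, and the learned set must be bound to the window in which the host received it, or stale announcements start excusing arbitrary failures.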
Related papers
Using the Cisco SPAN Port for SAN Analysis
OVERVIEW For today’s storage area networks (SANs), analyzers are indispensable for finding and correcting network problems. Analyzers supply SAN managers with a view into the traffic traversing their networks and allow them to quickly troubleshoot everything from bad cables to system failures. Connecting an analyzer to a SAN requires inline installation, that is, placing the analyzer on the lin...
Tracking Contraband Files Transmitted Using BitTorrent
This paper describes a digital forensic tool that uses an FPGA-based embedded software application to identify and track contraband digital files shared using the BitTorrent protocol. The system inspects each packet on a network for a BitTorrent Handshake message, extracts the “info hash” of the file being shared, compares the hash against a list of known contraband files and, in the event of a...
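The per-packet check described above, as an added example in Python (not the FPGA tool's code): the BitTorrent handshake has a fixed layout of 68 bytes (a length byte of 19, the string "BitTorrent protocol", 8 reserved bytes, a 20-byte info hash and a 20-byte peer id), so the match needs only the first payload bytes of a connection. The watch list and packets are constructed; the two info hashes are placeholders, not hashes of real files.

```python
"""Added example, not the tool's code: spot BitTorrent handshakes in packet
payloads and match their info hash against a watch list. Inputs constructed."""

PSTR = b"BitTorrent protocol"
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20  # 68 bytes, fixed size


def build_handshake(info_hash, peer_id, reserved=b"\x00" * 8):
    """Assemble a handshake as a client sends it (used here only to construct test packets)."""
    if len(info_hash) != 20 or len(peer_id) != 20 or len(reserved) != 8:
        raise ValueError("info_hash and peer_id are 20 bytes, reserved is 8")
    return bytes([len(PSTR)]) + PSTR + reserved + info_hash + peer_id


def parse_handshake(payload):
    """Return (info_hash_hex, peer_id) if the payload starts with a complete handshake, else None.
    A short payload is rejected rather than partially parsed: a handshake split
    across TCP segments needs stream reassembly before this check."""
    if len(payload) < HANDSHAKE_LEN or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    info_hash = payload[28:48]   # after length byte, pstr and 8 reserved bytes
    peer_id = payload[48:68]
    return info_hash.hex(), peer_id


# Constructed placeholders for info hashes (not hashes of real files).
WATCHED_HASH = bytes(range(20))
BENIGN_HASH = bytes(range(20, 40))
WATCHLIST = {WATCHED_HASH.hex()}
PEER_ID = b"-XX0001-" + b"0123456789ab"  # 20 bytes, constructed

# Constructed packets: (src, dst, payload)
PACKETS = [
    ("10.0.0.5", "203.0.113.10", build_handshake(WATCHED_HASH, PEER_ID)),
    ("10.0.0.6", "203.0.113.11", build_handshake(BENIGN_HASH, PEER_ID)),
    ("10.0.0.7", "203.0.113.12", b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    ("10.0.0.8", "203.0.113.13", build_handshake(WATCHED_HASH, PEER_ID)[:40]),  # truncated segment
]


def find_watched_handshakes(packets, watchlist):
    """Return (src, dst, info_hash_hex) for every packet carrying a handshake for a watched hash."""
    hits = []
    for src, dst, payload in packets:
        parsed = parse_handshake(payload)
        if parsed and parsed[0] in watchlist:
            hits.append((src, dst, parsed[0]))
    return hits


if __name__ == "__main__":
    for hit in find_watched_handshakes(PACKETS, WATCHLIST):
        print("watched info hash seen:", hit)
```

Only the first packet matches: the second carries an unlisted hash, the third is not a handshake, and the fourth is a handshake cut off mid-way, which the parser refuses rather than reading garbage as an info hash. Two caveats apply to any detector of this shape: peers that negotiate BitTorrent's Message Stream Encryption never send the plaintext handshake on the wire, and the reserved bytes carry extension flags that the parser ignores but that some clients set.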
A Practical Approach to Portscan Detection in Very High-Speed Links
Port scans are continuously used by both worms and human attackers to probe for vulnerabilities in Internet facing systems. In this paper, we present a new method to efficiently detect TCP port scans in very high-speed links. The main idea behind our approach is to early discard those handshake packets that are not strictly needed to reliably detect port scans. We show that with just a couple o...
An FPGA-based system for tracking digital information transmitted via Peer-to-Peer protocols
At issue for any organization is the illicit dissemination of sensitive information using file sharing applications within a network, and tracking terrorist cells or criminal organizations that are covertly communicating using Voice over IP (VoIP) applications. This paper presents a field programmable gate array (FPGA)-based embedded software tool designed to process file transfers using the Bi...
Traffic Measurements of P2P Systems
The paper reports on a measurement infrastructure developed at the Blekinge Institute of Technology (BIT) with the purpose to do traffic measurements and analysis on Peer-to-Peer (P2P) traffic. The measurement methodology is based on using application logging as well as link-layer packet capture. This offers the possibility to measure application layer information with link-layer accuracy. Deta...
Journal: CoRR
Volume: abs/1309.0276
Publication date: 2013