Abstract- The concept of peer-to-peer (P2P) computing has been around since the early days of networking, when it emerged as a result of decentralising trends in software engineering intersecting with available technology. A P2P paradigm can be defined as one that moves away from the centralised computing to a specialised version of client-server computing. In this paper we describe malicious P2P applications as applications that threaten the security of wired networks, and network traffic from these applications as malicious.

We justify the writing of this paper by:
• Examining the security threats posed by the malicious usage of, and the security vulnerabilities associated with, P2P applications, such as clogging network links, being a conduit for malware, information leakage etc.
• Experimenting with and documenting the feasibility of using an Intrusion Detection System’s (IDS) signature detection technique to detect P2P applications’ network traffic within a network, thus controlling their usage.

Keywords: Peer-to-peer, Malicious, Client-server, Intrusion-detection, Signature, Traffic and Malware

1. INTRODUCTION

The earliest application of peer-to-peer (P2P) was for newsgroups (USENET) and to exchange messages (FidoNet) [1]. In recent years P2P has gained public attention mainly due to Napster’s popularity as a free music sharing platform and its subsequent battle with the big music corporations [2].

Initially P2P was the term given to a point-to-point communications model, where both peers were equal and either could initiate a communications session [3]. In current day usage this term also refers to a class of applications, systems or infrastructure that adapt this communication model to perform critical functionalities.

P2P can be defined as the sharing of computer resources and services by direct exchange between systems. These resources and services include the exchange of information, processing cycles, cache desktop computing power and networking connectivity, allowing economical clients to leverage their collective power to benefit the entire enterprise” [4].

Other definitions have been proposed like, “P2P being a class of applications that takes advantage of resources - storage, cycles, content, human presence - available at the edges of the Internet [5]. Because accessing these decentralised resources means operating in an environment of unstable connectivity and unpredictable Internet Protocol (IP) addresses, P2P nodes must operate outside the Domain Name Server (DNS) system and have significant or total autonomy from central servers [6].

Current applications of P2P not only include file sharing, e.g. Napster, Gnutella and Freenet etc [7], but also instant messaging, e.g. America Online (AOL) Instant Messaging, Yahoo Messenger and Mirabilis ICQ etc [8], distributed computing, e.g. Distributed.Net and SETI etc [9], web search tools/engines and many more. Regardless of how P2P systems are used, they are made up of peers (entities that are similar to each other) that are not necessarily under the same authority, i.e. they do not all belong to the same user or are not managed by the same entity, and thus have different priorities. For these systems to work efficiently, certain research issues have to be tackled:

1. Since all peers are autonomous they cannot necessarily trust each other as they are not accountable for their actions, therefore the issues of trust, scalability, penalising misbehaving peers and redundancy have to be addressed.
2. How to enable peers that differ in physical characteristics to contribute the same type of resources to the P2P network.
3. Other issues like decentralisation, intermittent connectivity, interoperability between different peers’ platforms, security and anonymity.

In this paper we expand on issue “1” above by describing malicious behaviours carried out by P2P users, intentionally or unintentionally, owing to security flaws in P2P systems. Examples of malicious behaviour include:

• Consumption of network bandwidth by P2P users.
• Exploitation of P2P systems by writers of viruses and Trojan horses [10].
• Confidential information leakage.

We then proceed to outline a signature-based security technique (a signature being a unique string of words in a network packet’s payload) to address these malicious behaviours using Snort IDS [11] by:

1. Monitoring P2P network traffic for specific signatures and writing out detection rules and alerts