Skip to Main Content
This paper discusses how to identify Peer-to-Peer (P2P) traffic using a blind technique without observing individual payload in the proposed cooperation network model. Traditionally, the payload inspection based traffic identification methodologies have been studied and developed for static internet traffic generated by well-known network applications such as http, ftp, telnet, smtp, etc. However, this approach is inadequate any more to detect and control newly emerging applications using P2P-like or P2P-based communication protocol. Also it strongly depends on the central intrusion detection system or firewall because signature as the prior-knowledge is normally built on that kind of systems. That fact derives three issues: performance overhead, central point of failure, and abnormality handling of traffic. Therefore, we propose the distributed detector strategy using tight cooperation between flow agent and secure gateway for indentifying the dynamic P2P traffic, even encrypted.
Advanced Communication Technology, 2008. ICACT 2008. 10th International Conference on (Volume:2 )
Date of Conference: 17-20 Feb. 2008