Skip to Main Content
In the past few years, peer-to-peer (P2P) applications have generated the main part of the Internet traffic. Large amounts of network bandwidth have been consumed by various P2P applications, which decreases the quality of network services. Therefore, the ISPs and campus network administrators are eager to be able to manage the P2P traffic. However, the main problem of P2P traffic management is the difficulty in detecting P2P traffic. As P2P applications use all sorts of techniques to conceal their traffic, it is difficult for the ISPs to distinguish P2P traffic from traditional application traffic, which makes the P2P traffic unmanageable. This paper puts forward a traffic identification methodology named Peerldentifier which is based on program behavior analysis. The Peerldentifier is able to separate the traffic of P2P file sharing applications from traditional application traffic and identify the hosts which participate in P2P activities and the listening ports of the P2P clients running on these hosts. The experimental results indicate that Peerldentifier is able to detect the overwhelming majority of P2P traffic effectively with a tiny probability of false positive or false negative.