M. Iliofotou, P. Pappu, and M. Faloutsos, "Graption: Automated Detection of P2P Applications Using Traffic Dispersion Graphs", in Tech Report 2008, Jun 2008.
|Graption: Automated Detection of P2P Applications Using Traffic Dispersion Graphs|
|Published:||Tech Report, 2008|
|Abstract:||Monitoring network traffic and detecting emerging P2P applications is an increasingly challenging problem since new applications obfuscate their traffic. Despite recent efforts, the problem is not yet solved and network administrators are still looking for effective and deployable tools. In this paper, we address this problem using Traffic Dispersion Graphs (TDGs), a novel way to analyze traffic. Given a set of flows, a TDG is a graph with an edge between any two IP addresses that communicate. Thus TDGs capture network-wide interactions. We start by exploring the potential of TDGs for traffic monitoring by focusing on graph metrics instead of features of individual flows. We then use TDGs to develop an application classification tool dubbed Graption (Graph-based P2P detection), which we target specifically for detecting P2P traffic. Graption begins by partitioning traffic flows into clusters based on flow-level features and without the need for application-specific knowledge. It then builds TDGs for these clusters, and uses graph metrics to identify clusters that correspond to P2P applications. Finally, we automatically extract a regular expression for a new P2P application, allowing the use of existing IDS devices and routers to block or rate-limit the detected traffic. We describe trace-driven experiments that show more than 90% precision and recall for P2P detection.|