PeerRush: mining for unwanted P2P traffic

From Botnets.fr

PeerRush: mining for unwanted P2P traffic
Date: 2013
Editor/Conference: Conference on Detection of Intrusions and Malware & Vulnerability Assessment
Link: http://www.cs.uga.edu/~kangli/src/dimva2013.pdf (archive copy available)
Author: Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang Li
Type: Conference paper

Abstract

In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, PeerRush goes beyond P2P traffic detection, and can accurately categorize the detected P2P traffic and attribute it to specific P2P applications, including malicious applications such as P2P botnets. PeerRush achieves these results without the need for deep packet inspection, and can accurately identify applications that use encrypted P2P traffic.

We implemented a prototype version of PeerRush and performed an extensive evaluation of the system over a variety of P2P traffic datasets. Our results show that we can detect all the considered types of P2P traffic with up to 99.5% true positives and 0.1% false positives. Furthermore, PeerRush can attribute the P2P traffic to a specific P2P application with a misclassification rate of 0.68% or less.

Bibtex

 @misc{2013BFR1352,
   editor = {Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
   author = {Babak Rahbarinia and Roberto Perdisci and Andrea Lanzi and Kang Li},
   title = {PeerRush: mining for unwanted P2P traffic},
   date = {20},
   month = apr,
   year = {2013},
   howpublished = {\url{http://www.cs.uga.edu/~kangli/src/dimva2013.pdf}},
 }