TY - GEN
T1 - Collaborative anomaly detection for structured P2P networks
AU - Wang, Wei
AU - Man, Hong
AU - He, Fangming
PY - 2009
Y1 - 2009
N2 - Anomaly detection in Peer-to-Peer (P2P) networks is generally difficult due to the large number of users in the network. Exhaustive probing on each user is extremely unrealistic. Besides, unlike hierarchical systems, the infrastructure of a P2P network is flat, which makes multi-casting-based probing schemes impossible. Most P2P security research focuses on proactive prevention schemes to secure the system. In this paper, we aim to apply passive anomaly detection to estimate the proportion of malicious nodes in the network, without any network parameter information. Two deployment schemes are proposed for different network attacks. We deploy monitoring nodes which maintain both in- and out-of-band P2P communications. Monitoring nodes collaboratively probe one another periodically, and observations at each monitoring node are aggregated by a token message. Simulation results show that after applying our anomaly detection system, we can estimate the status of malicious nodes in a P2P network with high accuracy, and the delivery rate of the network is noticeably increased after successfully blocking suspicious nodes.
KW - Anomaly detection
KW - Network security
KW - Peer-to-peer networks
UR - http://www.scopus.com/inward/record.url?scp=77951528540&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77951528540&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2009.5425503
DO - 10.1109/GLOCOM.2009.5425503
M3 - Conference contribution
AN - SCOPUS:77951528540
SN - 9781424441488
T3 - GLOBECOM - IEEE Global Telecommunications Conference
BT - GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference
T2 - 2009 IEEE Global Telecommunications Conference, GLOBECOM 2009
Y2 - 30 November 2009 through 4 December 2009
ER -