Presentation is loading. Please wait.

Presentation is loading. Please wait.

PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong."— Presentation transcript:

1 PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong Kong

2 Outline Where the idea comes from Periodic patterns of P2P applications Methods to extract the patterns Application of PBS Related work Discussion Conclusion

3 Idea comes from... Discovery by chance: Doing measurement on PPLive packet trace locally and analysis the performance. IE-Dept. Campus Network Outside campus

4 Idea comes from... Measurement results of PPLive traffic: Every 5 seconds! Like a periodic sequence!

5 Idea comes from... Based on discovery, raise several questions: 1. Dose this phenomenon always occur or just by chance? 2. If so, does other P2P Streaming / file sharing systems have such property? 3. If so, do they have same periods or different? 4. If so, one period represents a particular P2P application  Identification of P2P applications

6 Idea comes from... Borrow idea: Element identification by Spectrum Analysis f

7 Periodic group communication patterns Why P2P applications have periodicity? In order to form and maintain the overlay topology. Two classes of periodic group communication pattern: 1)Control plane – overlay form and maintenance 2)Data plane – content multicasting For both structured overlay and data-driven overlay.

8 Periodic group communication patterns Why P2P applications have periodicity? Two kinds of overlays formed by P2P applications: Structured overlays: a)Mesh-based: End System Multicast b)Tree-based: NICE, Yoid, Scribe Data driven overlays (e.g. BitTorrent): a)Periodically update chunk information with tracker b)Periodically choking (10s) and unchoking (30s).

9 Periodic group communication patterns Pattern 1: Gossip of Buffer Maps

10 Pattern 2: Content Flow Control Periodic group communication patterns

11 Pattern 3: Synchronized Link Activation and Deactivation Peer’s tit-for-tat mechanism, such as Bit-torrent Alice Bob Choked Christ David Elaine Unchoke

12 Three types of sequence generator SG1 ACF FFT SG1: Sequence generator for gossip pattern

13 Three types of sequence generator SG2 ACF FFT SG2: Sequence generator for content flow control pattern

14 Three types of sequence generator SG3 ACF FFT SG3: Sequence generator for Synchronized start and end of flows

15 FFT results of selective P2P applications

16 Packet trace SG1 SG2 SG3 FFT1 FFT2 FFT3 Analyzer PBS of known P2P applications Apply PBS to identify P2P traffic a)Filtering b)Sequencing c)Transforming d)Analyzing Heuristic Algorithm overview Detect on target host and iterative process. Filter Configuring Filtering parameters

17 Identification Results Two days’ traffic trace collected at IE Department Gateway Packet payload signature validation Result In these two days, four hosts running: 1.PPStream live streaming, 2.PPLive live streaming, 3.Emule 4.BT, were identified by our method with 100% accuracy.

18 Discussions 1.Only packet header information is needed. 2.Aims for specific P2P applications 3.Can be used as a validating method. 4.The data collection position affects the performance. (May work well at campus level traffic trace.) 5.The identification results are host-level not flow-level. 6.Packet sampling may cause problems. 7.Lack of ways to validate identification results. When apply PBS to identify P2P application:

19 Related Work P2P traffic identification is a hot topic. Existing approach: 1.Transport layer port number based Simplest method, easy implementation and real time Effective and efficient for normal applications (WEB, DNS, MAIL, FTP …) In nowadays P2P applications do not use fixed predefined well-known port numbers. Sometimes applications tunnel through well-known port.

20 Related Work Existing approach: 2.Packet payload-based More reliable than port-based method Adopted by commercial products Detect specific applications (BT, E-Donkey, etc) Privacy and legal issue Ineffective when payload encryption is done Finding appropriate signatures for newly released applications or maintaining up-to-date signatures are daunting tasks! (our experience)

21 Existing approach: 3.Host traffic pattern based: BLINC Only need flow-level information, no payload, no port number information needed. Host-level identification (new thinking way) Not aiming for P2P traffic but all kinds of applications Related Work Figure from “Blinc: Multilevel Traffic Classification in the Dark”, In Sigcomm’05

22 Conclusion In this paper: 1)Periodic communication patterns of P2P applications 2) Three sequence generators to catch the periodic patterns 3)Illustrating Frequency Characteristics of several existing P2P applications 4) Heuristic identification method by applying PBS 5) Discussions 6) Related work

23 Thanks ! Q & A

Download ppt "PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong."

Similar presentations

Worm Origin Identification Using Random Moonwalks Yinglian Xie, V. Sekar, D. A. Maltz, M. K. Reiter, Hui Zhang 2005 IEEE Symposium on Security and Privacy.

Worm Origin Identification Using Random Moonwalks Yinglian Xie, V. Sekar, D. A. Maltz, M. K. Reiter, Hui Zhang 2005 IEEE Symposium on Security and Privacy.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
Performance Modeling and Engineering Issues of BT-Like File Sharing Systems M.H. Lin, John C.S. Lui, D.M. Chiu The Chinese University of Hong Kong.

Performance Modeling and Engineering Issues of BT-Like File Sharing Systems M.H. Lin, John C.S. Lui, D.M. Chiu The Chinese University of Hong Kong.
Detecting P2P Traffic from the P2P Flow Graph Jonghyun Kim Khushboo Shah Stephen Bohacek Electrical and Computer Engineering.

Detecting P2P Traffic from the P2P Flow Graph Jonghyun Kim Khushboo Shah Stephen Bohacek Electrical and Computer Engineering.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
Application Identification in information-poor environments Charalampos Rotsos 02/02/20101 What is application identification Current status My work Future.

Application Identification in information-poor environments Charalampos Rotsos 02/02/20101 What is application identification Current status My work Future.
Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli 1,2 Joint Research with Thomas Karagianis 3.

Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli 1,2 Joint Research with Thomas Karagianis 3.
Perceptual Quality Assessment of P2P Assisted Streaming Video for Chunk-level Playback Controller Design Tom Z.J. Fu, CUHK W. T. Leung, CUHK P. Y. Lam,

Perceptual Quality Assessment of P2P Assisted Streaming Video for Chunk-level Playback Controller Design Tom Z.J. Fu, CUHK W. T. Leung, CUHK P. Y. Lam,
Designing QoE experiments to evaluate Peer-to-Peer streaming applications Tom Z.J. Fu, CUHK Dah Ming Chiu, CUHK Zhibin Lei, ASTRI VCIP 2010, Huang Shan,

Designing QoE experiments to evaluate Peer-to-Peer streaming applications Tom Z.J. Fu, CUHK Dah Ming Chiu, CUHK Zhibin Lei, ASTRI VCIP 2010, Huang Shan,
Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Inferring the Topology and Traffic Load of Parallel Programs in a VM environment Ashish Gupta Resource Virtualization Winter Quarter Project.

Inferring the Topology and Traffic Load of Parallel Programs in a VM environment Ashish Gupta Resource Virtualization Winter Quarter Project.
Slide title In CAPITALS 50 pt Slide subtitle 32 pt On the Validation of Traffic Classification Algorithms Géza Szabó, Dániel Orincsay, Szabolcs Malomsoky,

Slide title In CAPITALS 50 pt Slide subtitle 32 pt On the Validation of Traffic Classification Algorithms Géza Szabó, Dániel Orincsay, Szabolcs Malomsoky,
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
seminar on Intrusion detection system

seminar on Intrusion detection system
Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.

Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.
RelSamp: Preserving Application Structure in Sampled Flow Measurements Myungjin Lee, Mohammad Hajjat, Ramana Rao Kompella, Sanjay Rao.

RelSamp: Preserving Application Structure in Sampled Flow Measurements Myungjin Lee, Mohammad Hajjat, Ramana Rao Kompella, Sanjay Rao.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Ensuring the Reliability of Data Delivery © 2004 Cisco Systems, Inc. All rights reserved. Understanding How UDP and TCP Work INTRO v2.0—6-1.

Ensuring the Reliability of Data Delivery © 2004 Cisco Systems, Inc. All rights reserved. Understanding How UDP and TCP Work INTRO v2.0—6-1.

Similar presentations

Ads by Google