A first approach to detect suspicious peers in the KAD P2P network

Thibault Cholez; Christopher Hénard; Isabelle Chrisment; Olivier Festor; Guillaume Doyen; Rida Khatoun

doi:10.1109/SAR-SSI.2011.5931383

A first approach to detect suspicious peers in the KAD P2P network

Thibault Cholez, Christopher Hénard, Isabelle Chrisment, Olivier Festor, Guillaume Doyen, Rida Khatoun

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Several large scale P2P networks are based on a distributed hash table. They all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, DDoS, pollution, etc.). However, no study so far considered the actual deployment of such attacks. We propose a first approach to detect suspicious peers in the KAD P2P network. First, we describe and evaluate our crawler which can get an accurate view of the network. Then, we analyze the distances between the peers and the contents indexed in the DHT to detect suspicious peers. Our results show that hundreds of KAD entries are clearly under attack during our measurements.

Original language	English
Title of host publication	2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings
DOIs	https://doi.org/10.1109/SAR-SSI.2011.5931383
Publication status	Published - 1 Aug 2011
Externally published	Yes
Event	2011 Conference on Network and Information Systems Security, SAR-SSI 2011 - Ile de Re, La Rochelle, France Duration: 18 May 2011 → 21 May 2011

Publication series

Name	2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings

Conference

Conference	2011 Conference on Network and Information Systems Security, SAR-SSI 2011
Country/Territory	France
City	Ile de Re, La Rochelle
Period	18/05/11 → 21/05/11

Keywords

DHT
KAD
Sybil attack
attack detection
monitoring
security

Access to Document

10.1109/SAR-SSI.2011.5931383

Cite this

Cholez, T., Hénard, C., Chrisment, I., Festor, O., Doyen, G., & Khatoun, R. (2011). A first approach to detect suspicious peers in the KAD P2P network. In 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings Article 5931383 (2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings). https://doi.org/10.1109/SAR-SSI.2011.5931383

@inproceedings{faf812782d634bb1bd58c4d611bb96a1,

title = "A first approach to detect suspicious peers in the KAD P2P network",

abstract = "Several large scale P2P networks are based on a distributed hash table. They all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, DDoS, pollution, etc.). However, no study so far considered the actual deployment of such attacks. We propose a first approach to detect suspicious peers in the KAD P2P network. First, we describe and evaluate our crawler which can get an accurate view of the network. Then, we analyze the distances between the peers and the contents indexed in the DHT to detect suspicious peers. Our results show that hundreds of KAD entries are clearly under attack during our measurements.",

keywords = "DHT, KAD, Sybil attack, attack detection, monitoring, security",

author = "Thibault Cholez and Christopher H{\'e}nard and Isabelle Chrisment and Olivier Festor and Guillaume Doyen and Rida Khatoun",

year = "2011",

month = aug,

day = "1",

doi = "10.1109/SAR-SSI.2011.5931383",

language = "English",

isbn = "9781457707377",

series = "2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings",

booktitle = "2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings",

note = "2011 Conference on Network and Information Systems Security, SAR-SSI 2011 ; Conference date: 18-05-2011 Through 21-05-2011",

}

Cholez, T, Hénard, C, Chrisment, I, Festor, O, Doyen, G & Khatoun, R 2011, A first approach to detect suspicious peers in the KAD P2P network. in 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings., 5931383, 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings, 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Ile de Re, La Rochelle, France, 18/05/11. https://doi.org/10.1109/SAR-SSI.2011.5931383

A first approach to detect suspicious peers in the KAD P2P network. / Cholez, Thibault; Hénard, Christopher; Chrisment, Isabelle et al.
2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings. 2011. 5931383 (2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A first approach to detect suspicious peers in the KAD P2P network

AU - Cholez, Thibault

AU - Hénard, Christopher

AU - Chrisment, Isabelle

AU - Festor, Olivier

AU - Doyen, Guillaume

AU - Khatoun, Rida

PY - 2011/8/1

Y1 - 2011/8/1

N2 - Several large scale P2P networks are based on a distributed hash table. They all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, DDoS, pollution, etc.). However, no study so far considered the actual deployment of such attacks. We propose a first approach to detect suspicious peers in the KAD P2P network. First, we describe and evaluate our crawler which can get an accurate view of the network. Then, we analyze the distances between the peers and the contents indexed in the DHT to detect suspicious peers. Our results show that hundreds of KAD entries are clearly under attack during our measurements.

AB - Several large scale P2P networks are based on a distributed hash table. They all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, DDoS, pollution, etc.). However, no study so far considered the actual deployment of such attacks. We propose a first approach to detect suspicious peers in the KAD P2P network. First, we describe and evaluate our crawler which can get an accurate view of the network. Then, we analyze the distances between the peers and the contents indexed in the DHT to detect suspicious peers. Our results show that hundreds of KAD entries are clearly under attack during our measurements.

KW - DHT

KW - KAD

KW - Sybil attack

KW - attack detection

KW - monitoring

KW - security

U2 - 10.1109/SAR-SSI.2011.5931383

DO - 10.1109/SAR-SSI.2011.5931383

M3 - Conference contribution

AN - SCOPUS:79960751589

SN - 9781457707377

T3 - 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings

BT - 2011 Conference on Network and Information Systems Security, SAR-SSI 2011, Proceedings

T2 - 2011 Conference on Network and Information Systems Security, SAR-SSI 2011

Y2 - 18 May 2011 through 21 May 2011

ER -

A first approach to detect suspicious peers in the KAD P2P network

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this