
Detection and mitigation of localized attacks in a widely deployed P2P network

Peer-to-Peer Networking and Applications

Abstract

Several large-scale P2P networks operating on the Internet are based on a Distributed Hash Table (DHT). These networks offer valuable services, but they all suffer from a critical issue that allows malicious nodes to be inserted at specific places on the DHT for undesirable purposes (monitoring, distributed denial of service, pollution, etc.). While several attacks and attack scenarios have been documented, few studies have measured the actual deployment of such attacks, and none of the documented countermeasures have been tested for compatibility with an already deployed network. In this article, we focus on the KAD network. Based on large-scale monitoring campaigns, we show that the worldwide deployed KAD network suffers from a large number of suspicious insertions around shared contents, and we quantify them. To cope with these peers, we propose a new efficient protection algorithm based on analyzing the distribution of the peers' IDs found around an entry after a DHT lookup. We evaluate our solution and show that it detects the most efficient configurations of inserted peers with a very small false-negative rate, and that the countermeasures successfully filter almost all the suspicious peers. We demonstrate the direct applicability of our approach by implementing and testing our solution in real P2P networks.

Notes

  1. Digital Millennium Copyright Act.

  2. A zone is an artificial subdivision of the DHT address space considering only the first byte of the KADID (from 0x00 to 0xFF).

  3. Some IP addresses are anonymized in the article.

  4. http://www.planet-lab.org/

  5. https://gtk-gnutella.svn.sourceforge.net/svnroot/gtk-gnutella/trunk/gtk-gnutella/

Author information

Correspondence to Thibault Cholez.

About this article

Cite this article

Cholez, T., Chrisment, I., Festor, O. et al. Detection and mitigation of localized attacks in a widely deployed P2P network. Peer-to-Peer Netw. Appl. 6, 155–174 (2013). https://doi.org/10.1007/s12083-012-0137-7

  • DOI: https://doi.org/10.1007/s12083-012-0137-7
