An intrusion detection based approach for the scalable detection of P2P traffic in the national academic network backbone

SCHMİDT Ş. E., Soysal M.

7th International Symposium on Computer Networks, İstanbul, Turkey, 16 - 18 June 2006, pp.128-129 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • City: İstanbul
  • Country: Turkey
  • Page Numbers: pp.128-129
  • Middle East Technical University Affiliated: Yes


The share of peer-to-peer (P2P) protocol in the total network traffic grows day-by-day in the Turkish Academic Network (UlakNet) similar to the other networks in the world. This growth is mostly because of the popularity of the shared content and the great enhancement in the P2P protocol since it first came out with Napster. The shared files are generally both large and copyrighted. Motivated by the problems of UlakNet with the P2P traffic, we propose a novel method for P2P traffic detection in the network backbone in this paper. Observing the similarity between detecting traffic that belongs to a specific protocol and detecting an intrusion in a computer system, we adopt an intrusion detection system (IDS) technique to detect P2P traffic. Our method is a passive detection procedure that uses traffic flows gathered from border routers. Hence, it is scalable and does not have the problems of other approaches that rely on packet payload data or transport layer ports.