Traffic analyzer for differentiating BitTorrent handshake failures from port-scans
Kamran Khan, Affan Syed, Ali Khayam

TL;DR
This paper presents a traffic analysis method that cuts BitTorrent-related false positives in port-scan detection by 80%, by differentiating BitTorrent connection attempts from port-scans, without loss of IDS accuracy.
Contribution
It introduces a novel approach to distinguish BitTorrent handshake attempts from port-scans, reducing false positives by 80% without compromising detection accuracy.
Findings
BitTorrent-related false positives reduced by 80%
Effective differentiation of BitTorrent and port-scan traffic
Maintains IDS accuracy while reducing false alarms
Abstract
This paper aims to improve the accuracy of port-scan detectors by analyzing the traffic of BitTorrent hosts and differentiating their BitTorrent connection attempts from port-scans. It is shown that, by looking at BitTorrent coordination traffic and modelling port-scanning behavior, the number of BitTorrent-related false positives can be reduced by 80% without any loss of IDS accuracy.
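The abstract describes the idea at a high level: peers that a BitTorrent client learned about through coordination traffic (tracker responses) will often be offline or behind NAT, so the client's failed connection attempts to them look exactly like a scanner's failed probes. The following is an added illustrative example, not the authors' code or the paper's exact model: a minimal bencode parser extracts the peer list from a compact-format tracker response, and a simple failed-connection port-scan detector discounts failures to those announced peers. The detection threshold, the event format, the host addresses and the tracker body are all constructed assumptions.

```python
"""Added example: port-scan detector that discounts BitTorrent peer contacts.

Illustrative reimplementation of the idea in the abstract, not the paper's
own code.  Threshold, event format and sample traffic are assumptions.
"""
from collections import defaultdict
import socket
import struct


def bdecode(data: bytes, pos: int = 0):
    """Minimal bencode decoder (ints, byte strings, lists, dicts).
    Returns (value, next_offset)."""
    c = data[pos:pos + 1]
    if c == b"i":
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c == b"l":
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            items.append(item)
        return items, pos + 1
    if c == b"d":
        d, pos = {}, pos + 1
        while data[pos:pos + 1] != b"e":
            key, pos = bdecode(data, pos)
            d[key], pos = bdecode(data, pos)
        return d, pos + 1
    if c.isdigit():
        colon = data.index(b":", pos)
        length = int(data[pos:colon])
        start = colon + 1
        return data[start:start + length], start + length
    raise ValueError(f"bad bencode at offset {pos}")


def peers_from_tracker_response(body: bytes) -> set:
    """Extract (ip, port) pairs from a compact-format tracker response
    (the 'peers' value is a string of 6-byte entries: 4-byte IPv4 + 2-byte port)."""
    resp, _ = bdecode(body)
    blob = resp[b"peers"]
    peers = set()
    for off in range(0, len(blob) - len(blob) % 6, 6):
        ip = socket.inet_ntoa(blob[off:off + 4])
        (port,) = struct.unpack("!H", blob[off + 4:off + 6])
        peers.add((ip, port))
    return peers


def detect_scanners(events, announced_peers, threshold=5):
    """Flag sources with >= `threshold` failed connections to distinct
    (dst, port) pairs.  Failures to destinations the source learned from a
    tracker are treated as BitTorrent handshake failures and not counted."""
    failed = defaultdict(set)
    for src, dst, port, ok in events:
        if ok or (dst, port) in announced_peers.get(src, set()):
            continue
        failed[src].add((dst, port))
    return {src for src, dsts in failed.items() if len(dsts) >= threshold}


# --- constructed sample data (assumptions, not from the paper) ---
BT_CLIENT = "192.168.1.10"   # host running a BitTorrent client
SCANNER = "192.168.1.66"     # host doing a horizontal SSH sweep


def build_tracker_response(peers):
    """Encode a compact-format tracker response for the constructed sample."""
    blob = b"".join(socket.inet_aton(ip) + struct.pack("!H", p) for ip, p in peers)
    return b"d8:intervali1800e5:peers" + str(len(blob)).encode() + b":" + blob + b"e"


SWARM = [(f"10.0.0.{i}", 6881) for i in range(1, 7)]
TRACKER_BODY = build_tracker_response(SWARM)

# Connection attempts as (src, dst, dport, succeeded).  The BitTorrent client
# reaches one announced peer and fails on five (offline / NATed); the scanner
# fails on every probe.
EVENTS = [(BT_CLIENT, ip, port, ip.endswith(".1")) for ip, port in SWARM] + [
    (SCANNER, f"10.0.0.{i}", 22, False) for i in range(1, 9)
]


def run_demo():
    """Return (sources flagged by a naive detector,
               sources flagged once tracker-announced peers are discounted)."""
    announced = {BT_CLIENT: peers_from_tracker_response(TRACKER_BODY)}
    naive = detect_scanners(EVENTS, {})
    aware = detect_scanners(EVENTS, announced)
    return naive, aware


if __name__ == "__main__":
    naive, aware = run_demo()
    print("naive detector flags:", sorted(naive))
    print("BitTorrent-aware detector flags:", sorted(aware))
```

The naive detector flags both hosts because five failed handshakes to distinct peers cross the same threshold as five failed probes; once the peer list from the tracker response is taken into account, only the SSH sweep remains. The practical caveat is that this only works if the sensor actually sees the coordination traffic (tracker HTTP/UDP responses, or DHT/PEX exchanges for trackerless swarms); a client whose peer discovery is encrypted or out of band will still look like a scanner to this logic.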
Taxonomy
Topics: Peer-to-Peer Network Technologies · Caching and Content Delivery · Advanced Data Storage Technologies
