Network Packet Inspection to Identify Contraband File Sharing Using Forensic Tools

Authors: N. Kannaiya Raja, K. Arulanandam, R. Somasundaram

Journal: International Journal of Computer Network and Information Security (IJCNIS) @ijcnis

Article in issue: 3, vol. 4, 2012.

Free access

This paper discusses a digital forensic tool that uses Field Programmable Gate Array (FPGA) based software for deep packet inspection in a network router to detect BitTorrent Handshake messages. The tool extracts the "Information Hashing" of the file being shared, compares the hash against a list of known contraband files for forensic analysis, and records matching messages in a log file. The forensic analysis investigates several optimization techniques for reducing the CPU time required to process packets, along with their ability to improve packet capture performance. Experiments demonstrate that the system is able to successfully capture and process BitTorrent Handshake messages with a probability of at least 99.0% under a network traffic load of 89.6 Mbps on a 100 Mbps network.


FPGA, Packet Inspection, BTM, P2P networks

Short URL: https://sciup.org/15011065

IDR: 15011065

Research article
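The handshake inspection the abstract describes, as an added Python example that is not the paper's FPGA implementation. It assumes the BEP 3 handshake layout (length byte 19, the string "BitTorrent protocol", 8 reserved bytes, 20-byte info hash, 20-byte peer ID) and a watchlist of hex-encoded SHA-1 hashes; all function names, addresses and hashes are constructed for the example.

```python
import hashlib
from typing import Iterable, Optional

PSTR = b"BitTorrent protocol"                 # protocol string fixed by BEP 3
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20   # pstrlen, pstr, reserved, info_hash, peer_id

def extract_info_hash(payload: bytes) -> Optional[bytes]:
    """Return the 20-byte info hash if the TCP payload starts with a handshake."""
    if len(payload) < HANDSHAKE_LEN:
        return None                            # truncated: not a complete handshake
    if payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None                            # some other protocol
    return payload[28:48]                      # skip the 8 reserved bytes

def load_watchlist(lines: Iterable[str]) -> set:
    """Parse hex SHA-1 info hashes, one per line; '#' starts a comment."""
    hashes = set()
    for line in lines:
        text = line.split("#", 1)[0].strip()
        if text:
            raw = bytes.fromhex(text)
            if len(raw) != 20:
                raise ValueError(f"not a 160-bit hash: {text!r}")
            hashes.add(raw)
    return hashes

def inspect(flows, watchlist):
    """Return one log record per flow whose handshake hash is on the watchlist."""
    records = []
    for src, dst, payload in flows:
        info_hash = extract_info_hash(payload)
        if info_hash in watchlist:             # None is never in the set
            records.append({"src": src, "dst": dst, "info_hash": info_hash.hex()})
    return records

def demo():
    """Constructed sample data: hashes and addresses are made up for the example."""
    listed = hashlib.sha1(b"constructed sample A").digest()
    other = hashlib.sha1(b"constructed sample B").digest()
    shake = lambda h: bytes([19]) + PSTR + bytes(8) + h + b"-XX0000-123456789012"
    flows = [("192.0.2.10:51413", "198.51.100.7:6881", shake(listed)),      # listed hash
             ("192.0.2.11:40000", "198.51.100.8:6881", shake(other)),       # unlisted hash
             ("192.0.2.12:40001", "198.51.100.9:80", b"GET / HTTP/1.1\r\n\r\n"),
             ("192.0.2.13:40002", "198.51.100.7:6881", shake(listed)[:40])]  # truncated
    return inspect(flows, load_watchlist(["# constructed watchlist", listed.hex()]))

if __name__ == "__main__":
    print(demo())
```

Only the first constructed flow is logged: the second carries an unlisted hash, the third is HTTP, and the fourth is cut off before the info hash is complete.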