Bitstalker

Accurately and efficiently monitoring bittorrent traffic

Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    BitTorrent is currently the most popular peer-to-peer network for file sharing. However, experience has shown that BitTorrent is often used to distribute copyright-protected movie and music files illegally. Consequently, copyright enforcement agencies currently monitor BitTorrent swarms to identify users participating in the illegal distribution of copyright-protected files. These investigations rely on passive methods that are prone to a variety of errors, particularly false positive identification. To mitigate the potential for false positive peer identification, we investigate the feasibility of using active methods to monitor extremely large BitTorrent swarms. We develop an active probing framework called BitStalker that identifies active peers and collects concrete forensic evidence that they were involved in sharing a particular file. We evaluate the effectiveness of this approach through a measurement study with real, large torrents consisting of over 186,000 peers. We find that the current investigative methods produce at least 11% false positives, while we show that false positives are rare with our active approach.

    Original language: English (US)
    Title of host publication: Proceedings of the 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009
    Pages: 181-185
    Number of pages: 5
    DOI: https://doi.org/10.1109/WIFS.2009.5386457
    State: Published - 2009
    Event: 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009 - London, United Kingdom
    Duration: Dec 6 2009 to Dec 9 2009

    Other

    Other: 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009
    Country: United Kingdom
    City: London
    Period: 12/6/09 to 12/9/09

    Fingerprint

    Peer to peer networks
    Monitoring
    Peers
    Peer-to-peer networks
    Music
    File sharing
    Enforcement
    Movies

    Keywords

    • Data mining for forensic evidence

    ASJC Scopus subject areas

    • Computer Science Applications
    • Information Systems
    • Information Systems and Management
    • Safety, Risk, Reliability and Quality

    Cite this

    Bauer, K., McCoy, D., Grunwald, D., & Sicker, D. (2009). Bitstalker: Accurately and efficiently monitoring bittorrent traffic. In Proceedings of the 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009 (pp. 181-185). [5386457] https://doi.org/10.1109/WIFS.2009.5386457

    @inproceedings{d445653acbfd4856ad2558160c364f11,
    title = "Bitstalker: Accurately and efficiently monitoring bittorrent traffic",
    keywords = "Data mining for forensic evidence",
    author = "Kevin Bauer and Damon McCoy and Dirk Grunwald and Douglas Sicker",
    year = "2009",
    doi = "10.1109/WIFS.2009.5386457",
    language = "English (US)",
    isbn = "9781424452804",
    pages = "181--185",
    booktitle = "Proceedings of the 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009",

    }
