A Framework for Monitoring and Mitigating Malicious Attacks in Structured P2P Overlay Networks

Structured p2p overlay networks are vulnerable to malicious nodes which can control more than one identities. In such situation, they can mediate and monitor most overlay traffic. The decentralized and dynamic nature of such systems makes the detection of these nodes a very difficult task. In this paper we present a framework for monitoring and mitigating malicious attacks. We argued that monitoring traffic allows us to identify suspicious behavior. Our key idea is to divide the overlay into zones to reduce the number of monitors and capture traffic without disruption the routing protocol. Our solution generates measurements on the whole network and provides a Preset profile, finding a set of peers with malicious behavior that do not follow this profile. Evaluation shows that our framework has a good performance and can detect malicious nodes that are intended to malign the overlay.