Collaborative Anomaly Detection For Structured P2P Networks

Anomaly detection in Peer-to-Peer (P2P) networks is generally difficult due to the large number of users in the network. Exhaustive probing on each user is extremely unrealistic. Besides, unlike hierarchical systems, the infrastructure of a P2P network is flat, which makes multi-casting based probing schemes impossible. Most P2P security research focus on proactive prevention schemes to secure the system. In this paper, we aim to apply passive anomaly detection to estimate the proportion of malicious nodes in the network, without any network parameter information. Two deployment schemes are proposed for different network attacks. We deploy monitoring nodes which maintain both in- and out-of-band P2P communications. Monitoring nodes collaboratively probe one another periodically, and observations at each monitoring node are aggregated by a token message. Simulation results show that after applying our anomaly detection system, we can estimate the status of malicious nodes in a P2P network with high accuracy, and the delivery rate of the network is noticeably increased after successfully blocking suspicious nodes.