Inproceedings

Universal Peer-to-Peer Network Investigation Framework

Mark Scanlon; M-Tahar Kechadi

September 2013, 2013 Eighth International Conference on Availability, Reliability and Security (ARES)

Contribution Summary

The Universal Peer-to-Peer Network Investigation Framework (UP2PNIF) is a novel tool for investigating Peer-to-Peer (P2P) networks. The framework leverages the attributes common to P2P networks to facilitate faster and less labour-intensive investigations. It can be applied to various investigation types, including evidence collection, network anatomy, wide-area measurement, and takeover. The framework consists of four main components: traffic collection, a traffic pattern database, traffic analysis, and client emulation. The traffic collection module monitors network traffic, while the traffic pattern database stores known network patterns. The traffic analysis module identifies traffic patterns, and the client emulation module performs the forensic investigation itself. UP2PNIF can be deployed in various scenarios, including forensic laboratories, cloud environments, and remote, portable settings. The framework's architecture is designed to operate in a way that mimics regular P2P traffic, ensuring that it does not disrupt the network. By exploiting the common attributes of P2P networks, UP2PNIF enables investigators to gather evidence, analyse network traffic, and understand the design and structure of the network. These capabilities make it a valuable tool for investigating P2P networks and combating cybercrime.

Keywords: Peer-to-Peer Networks; Digital Forensics; Cybercrime Investigation; Network Traffic Analysis; Botnet Investigation; P2P Network Investigation Framework; Universal Peer-to-Peer Network Investigation Framework; UP2PNIF

Abstract

Peer-to-Peer (P2P) networking has fast become a useful technological advancement for a vast range of cybercriminal activities. Cybercrimes from copyright infringement and spamming, to serious, high financial impact crimes, such as fraud, distributed denial of service attacks (DDoS) and phishing can all be aided by applications and systems based on the technology. The requirement for investigating P2P based systems is not limited to the more well-known cybercrimes listed above, as many more legitimate P2P based applications may also be pertinent to a digital forensic investigation, e.g., VoIP and instant messaging communications. Investigating these networks has become increasingly difficult due to the broad range of network topologies and the ever increasing and evolving range of P2P based applications. This paper introduces the Universal Peer-to-Peer Network Investigation Framework (UP2PNIF); a framework which enables significantly faster and less labour-intensive investigation of newly discovered P2P networks through the exploitation of the commonalities in network functionality. In combination with a reference database of known network protocols and characteristics, it is envisioned that any known P2P network can be instantly investigated using the framework. The framework can intelligently determine the best methodology dependent on the focus of the investigation, resulting in a significantly expedited evidence gathering process.

BibTeX

@inproceedings{scanlon2014universalp2pframework,
	author={Scanlon, Mark and Kechadi, M-Tahar},
	title="{Universal Peer-to-Peer Network Investigation Framework}",
	booktitle={Availability, Reliability and Security (ARES), 2013 Eighth International Conference on},
	year=2013,
	month=09,
	pages="694-700",
	doi="10.1109/ARES.2013.91",
	address={Regensburg, Germany},
	publisher={IEEE},
	abstract="Peer-to-Peer (P2P) networking has fast become a useful technological advancement for a vast range of cybercriminal activities. Cybercrimes from copyright infringement and spamming, to serious, high financial impact crimes, such as fraud, distributed denial of service attacks (DDoS) and phishing can all be aided by applications and systems based on the technology. The requirement for investigating P2P based systems is not limited to the more well-known cybercrimes listed above, as many more legitimate P2P based applications may also be pertinent to a digital forensic investigation, e.g., VoIP and instant messaging communications. Investigating these networks has become increasingly difficult due to the broad range of network topologies and the ever increasing and evolving range of P2P based applications. This paper introduces the Universal Peer-to-Peer Network Investigation Framework (UP2PNIF); a framework which enables significantly faster and less labour-intensive investigation of newly discovered P2P networks through the exploitation of the commonalities in network functionality. In combination with a reference database of known network protocols and characteristics, it is envisioned that any known P2P network can be instantly investigated using the framework. The framework can intelligently determine the best methodology dependent on the focus of the investigation, resulting in a significantly expedited evidence gathering process."
}