Network Packet Inspection to Identify Contraband File Sharing Using Forensic Tools

Full Text (PDF, 1432KB), PP.24-30

Views: 0 Downloads: 0

Author(s)

N.Kannaiya Raja 1,* K.Arulanandam 2 R.Somasundaram 1

1. Arulmigu Meenakshi Amman College of Engg Thiruvannamalai Dt, Near Kanchipuram

2. CSE Department Ganadipathy Tulsi’s Jain Engineering College, Vellore

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2012.03.04

Received: 2 Jul. 2011 / Revised: 7 Nov. 2011 / Accepted: 20 Jan. 2012 / Published: 8 Apr. 2012

Index Terms

FPGA, Packet Inspection, BTM, P2P networks

Abstract

This Paper discusses the digital forensic tool that uses a field Programmable Gate Array [FPGA] based software for deep packet inspection in network Router for a Bit Torrent Handshake message. Extracts the "Information Hashing" of the file being shared, compares the hash against a list of known contraband files for forensic analysis and it matches the message to a log file. Forensic analysis gives several optimization techniques for reducing the CPU time required for reducing the CPU time required to process packets are investigated along with their ability to improve packet capture performance. Experiments demonstrate that the system is able to successfully capture and process Bit Torrent Handshake message with a probability of at least 99.0% under a network traffic load of 89.6 Mbps on a 100 Mbps network.

Cite This Paper

N.Kannaiya Raja, K.Arulanandam, R.Somasundaram, "Network Packet Inspection to Identify Contraband File Sharing Using Forensic Tools", International Journal of Computer Network and Information Security(IJCNIS), vol.4, no.3, pp.24-30, 2012. DOI:10.5815/ijcnis.2012.03.04

Reference

[1]R. Badonnel, R. State, I. Chrisment and O. Festor, A management platform for tracking cyber predators in peer-to-peer networks, Proceedings of the Second International Conference on Internet Monitoring and Protection, p.11, 2007.
[2]K. Chow, K. Cheng, L. Man, P. Lai, L. Hui, C. Chong, K. Pun, W. Tsang, H. Chan and S. Yiu, BTM – An automated rule-based BT monitoring system for piracy detection, Proceedings of the Second International Conference on Internet Monitoring and Protection, p. 2, 2007.
[3]B. Cohen, Incentives build robustness in BitTorrent (www.bittor rent.org/bittorrentecon.pdf), 2003.
[4]B. Cohen, BEP3: The BitTorrent protocol specification (www.bittor rent.org/beps/bep 0003.html), 2008.
[5]P. Gil, "Peer Guardian" Firewall: Keep your P2P private (netfor beginners.about.com/od/peersharing/a/peerguardian.htm), 2009.
[6]Institute of Electrical and Electronics Engineers, IEEE Standard 802.3-2005: Local and Metropolitan Area Networks – Specific Requirements Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications, Piscataway, New Jersey (standards.ieee.org/getieee802/802.3.html), 2005.
[7]R. MacManus, The underground world of private P2P networks (www.readwriteweb.com/archives/private p2p.php), 2006.
[8]National Institute of Standards and Technology, Secure Hash Standard (FIPS 180-1), Federal Information Processing Standard Publication 180-1, Gaithersburg, Maryland (www.itl.nist.gov/fipspubs/fip180-1.htm), 1995.
[9]D. Plonka, UW-Madison Napster traffic measurement, University of Wisconsin, Madison, Wisconsin (net.doit.wisc.edu/data/Napster), 2000. Schrader, Mullins, Peterson & Mills 173
[10]S. Saroiu, K. Gummadi, R. Dunn, S. Gribble and H. Levy, An analysis of Internet content delivery systems, Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, pp. 315–327, 2002.
[11]TorrentFreak, The"one-third of all Internet traffic"myth (torrentfre ak.com/bittorrent-the-one-third-of-all-internet-traffic-myth), 2006
[12]TorrentFreak, The“one-third of all Internet traffic”myth (torrentfre ak.com/bittorrent-the-onethird-of-all-internet-traffic-myth),2006.