BitPredator: A Discovery Algorithm for BitTorrent Initial Seeders and Peers (original) (raw)

BitStalker: Accurately and efficiently monitoring bittorrent traffic

2009 First IEEE International Workshop on Information Forensics and Security (WIFS), 2009

BitTorrent is currently the most popular peer-to-peer network for file sharing. However, experience has shown that Bit-Torrent is often used to distribute copyright protected movie and music files illegally. Consequently, copyright enforcement agencies currently monitor BitTorrent swarms to identify users participating in the illegal distribution of copyrightprotected files. These investigations rely on passive methods that are prone to a variety of errors, particularly false positive identification.

Methodology and implementation for tracking the file sharers using BitTorrent

Multimedia Tools and Applications, 2013

Sharing copyright protected content without the copyright holder's permission is illegal in many countries. Regardless, the number of illegal file sharing using BitTorrent continues to grow and most of file sharers and downloader are unconcerned legal action to transfer copywrite-protected files. However, it is difficult to gather enough probative evidence to prosecute illegal file sharers in criminal court and/or sued for damages in civil court. Further, there is a lack of research on investigation techniques to reveal illegal BitTorrent sharers. This is because the role of the server in BitTorrent networks has been changed compared to servers in conventional P2P networks. As a result, it is difficult to apply previous investigation processes for investigation of conventional P2P networks to the investigation of suspected illegal file sharing using BitTorrent. This paper proposes a methodology for the investigation of illegal file sharers using BitTorrent networks through the use of a P2P digital investigation process.

Unraveling the bittorrent ecosystem

Parallel and Distributed Systems, IEEE Transactions on, 2009

BitTorrent is the most successful open Internet application for content distribution. Despite its importance, both in terms of its footprint in the Internet and the influence it has on emerging P2P applications, the BitTorrent Ecosystem is only partially understood. We seek to provide a nearly complete picture of the entire public BitTorrent Ecosystem. To this end, we crawl five of the most popular torrent-discovery sites over a ine-month period, identifying all of 4.6 million and 38,996 trackers that the sites reference. We also develop a high- ...

BTWorld: towards observing the global BitTorrent file-sharing network

Today, the BitTorrent Peer-to-Peer file-sharing network is one of the largest Internet applications---it generates massive traffic volumes, it is deployed in thousands of independent communities, and it serves millions of unique users worldwide. Despite a large number of empirical and theoretical studies, observing the state of the global BitTorrent network remains a grand challenge for the BitTorrent community. To address this challenge, in this work we introduce BT-World, an architecture for observing the global BitTorrent network without help from the ISPs. We design BTWorld around three main features specific to BitTorrent measurements. First, our architecture is able to find public trackers, that is, the BitTorrent components that offer unrestricted service to peers around the world. Second, by observing the state of these trackers, BTWorld obtains information about the performance, scalability, and reliability of BitTorrent. Third, BTWorld is designed to pre-process the large volumes of recorded data for later analysis. We demonstrate the viability of our architecture by deploying it in practice, to observe and analyze one week of operation of a large part of the global BitTorrent network--over 10 million swarms and tens of millions of concurrent users. We also show that BT-World can shed light on BitTorrent phenomena, such as the presence of spam trackers and giant swarms.

Measuring the bittorrent ecosystem: Techniques, tips, and tricks

IEEE Communications Magazine, 2011

BitTorrent is the most successful peer-to-peer application. In the last years the research community has studied the BitTorrent ecosystem by collecting data from real BitTorrent swarms using different measurement techniques. In this paper we present the first survey of these techniques that constitutes a first step in the design of future measurement techniques and tools for analyzing large scale systems. The techniques are classified into Macroscopic, Microscopic and Complementary. Macroscopic techniques allow to collect aggregated information of torrents and present a very high scalability being able to monitor up to hundreds of thousands of torrents in short periods of time. Rather, Microscopic techniques operate at the peer level and focus on understanding performance aspects such as the peers' download rates. They offer a higher granularity but do not scale as well as the Macroscopic techniques. Finally, Complementary techniques utilize recent extensions to the BitTorrent protocol in order to obtain both aggregated and peer level information. The paper also summarizes the main challenges faced by the research community to accurately measure the BitTorrent ecosystem such as accurately identifying peers or estimating peers' upload rates. Furthermore, we provide possible solutions to address the described challenges.

BitTorrent Monitoring and Statistics

2012

1 Abstract We developed a monitoring framework able to monitor the BitTorrent protocol from a clients perspective and an analysis method to interpret the results. We focused on the number of peers in a particular swarm and if we can reliably measure the distribution of peers over ISPs. These results are used to measure the effect of blockades of sites forced on the ISPs.

Measuring and modeling the BitTorrent content distribution system

Computer Communications, 2010

The paper reports on a detailed study of the BitTorrent content distribution system. We first present a measurement infrastructure designed to allow detailed, message-level capture and analysis of P2P traffic. An associated modeling methodology is presented as well. These tools have been used to measure and model the BitTorrent protocol, which is observed to exhibit exponential characteristics of session interarrival times. We also observe that session durations and sizes are modeled with a lognormal distribution.

A Week in the Life of the Most Popular BitTorrent Swarms

2010

T he popularity of peer-to-peer (P2P) file distribution is c networ ks lend themselves well to the unauthorised distribution of copyrighted material due to their ease of use, the abundance of material available and the apparent anonymity awarded to the downloaders. T his paper presents the results of an investigation conducted on the top 100 most popular Bit Tor rent swarms over the course of one week. T he purpose of this investigation is to quantify the scale of unauthorised distribution of copyrighted material through the use of the Bit Tor rent protocol. E ach IP address, which was discovered over the period of the weeklong investigation, is mapped through the use of a geolocation database, which results in the ability to determine where the participation in these swarms is prominent worldwide.

Strange Bedfellows: Community Identification in BitTorrent

While P2P systems benefit from large numbers of interconnected nodes, each of these connections provides an opportunity for eavesdropping. Using only the connection patterns gathered from 10,000 BitTorrent (BT) users during a one-month period, we determine whether randomized connection patterns give rise to communities of users. Even though connections in BT require not only shared interest in content, but also concurrent sessions, we find that strong communities naturally form -users inside a typical community are 5 to 25 times more likely to connect to each other than with users outside. These strong communities enable guilt by association, where the behavior of an entire community of users can be inferred by monitoring one of its members. Our study shows that through a single observation point, an attacker trying to identify such communities can uncover 50% of the network within a distance of two hops. Finally, we propose and evaluate a practical solution that mitigates this threat.