Detection of Encrypted Traffic in eDonkey Network through Application Signatures

Peer-to-peer file sharing applications became very popular, being responsible for a large percentage of the network traffic. However, peer-to-peer traffic may compromise the performance of enterprise critical networked applications or network-based tasks or may overload the network infrastructure of Internet service providers, being desirable that this traffic be blocked in some situations. However, this task may be difficult to achieve, namely for networks operating at very high-speed bit rates and low latency and/or when the traffic is encrypted. This paper addresses the problem of detecting and blocking encrypted traffic generated by eMule, which is one of the most difficult to detect among popular peer-to-peer file sharing applications. The proposed method is based on eMule signatures, which are coded as SNORT rules, this system being used to detect and block eMule traffic. Experiments have been carried out to evaluate the proposed method. The contribution of the paper falls within peer-to-peer security or within legal and regulatory issues.