TY - GEN
T1 - Bitstalker
T2 - 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009
AU - Bauer, Kevin
AU - McCoy, Damon
AU - Grunwald, Dirk
AU - Sicker, Douglas
PY - 2009
Y1 - 2009
N2 - BitTorrent is currently the most popular peer-to-peer network for file sharing. However, experience has shown that BitTorrent is often used to distribute copyright-protected movie and music files illegally. Consequently, copyright enforcement agencies currently monitor BitTorrent swarms to identify users participating in the illegal distribution of copyright-protected files. These investigations rely on passive methods that are prone to a variety of errors, particularly false positive identification. To mitigate the potential for false positive peer identification, we investigate the feasibility of using active methods to monitor extremely large BitTorrent swarms. We develop an active probing framework called BitStalker that identifies active peers and collects concrete forensic evidence that they were involved in sharing a particular file. We evaluate the effectiveness of this approach through a measurement study with real, large torrents consisting of over 186,000 peers. We find that the current investigative methods produce at least 11% false positives, while we show that false positives are rare with our active approach.
AB - BitTorrent is currently the most popular peer-to-peer network for file sharing. However, experience has shown that BitTorrent is often used to distribute copyright-protected movie and music files illegally. Consequently, copyright enforcement agencies currently monitor BitTorrent swarms to identify users participating in the illegal distribution of copyright-protected files. These investigations rely on passive methods that are prone to a variety of errors, particularly false positive identification. To mitigate the potential for false positive peer identification, we investigate the feasibility of using active methods to monitor extremely large BitTorrent swarms. We develop an active probing framework called BitStalker that identifies active peers and collects concrete forensic evidence that they were involved in sharing a particular file. We evaluate the effectiveness of this approach through a measurement study with real, large torrents consisting of over 186,000 peers. We find that the current investigative methods produce at least 11% false positives, while we show that false positives are rare with our active approach.
KW - Data mining for forensic evidence
UR - http://www.scopus.com/inward/record.url?scp=77949844989&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77949844989&partnerID=8YFLogxK
U2 - 10.1109/WIFS.2009.5386457
DO - 10.1109/WIFS.2009.5386457
M3 - Conference contribution
AN - SCOPUS:77949844989
SN - 9781424452804
T3 - Proceedings of the 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009
SP - 181
EP - 185
BT - Proceedings of the 2009 1st IEEE International Workshop on Information Forensics and Security, WIFS 2009
Y2 - 6 December 2009 through 9 December 2009
ER -