Peer-to-Peer (P2P) file sharing is one of the most commonly used methods for sharing files over a network, especially large files such as videos or music recordings. In North America, P2P file-sharing networks occupied approximately 50% of the network traffic in 2011 [3]. Many files shared through P2P networks are related to Internet piracy or unintentional file sharing. Foxy P2P network, a typical search-based P2P network, is in the spotlight for sensitive file sharing. Peers download the files by using keywords instead of resource links. Therefore, the investigation mechanisms developed to identify the first seeder in Bit-Torrent network – another type of P2P network [54], cannot be applied to this scenario.
Identifying the first seeder is the critical step in P2P investigation. The investigator cannot collect necessary evidence without locating the first seeder. Therefore, conducting forensic analysis is impossible. Moreover, validating the actual first seeder will be challenging when more than one uploader is identified.
This study started by analyzing different P2P networks and comparing their underlying features. Categorizing the P2P file-sharing networks resulted in the identification of the key functions for file sharing. Two difficulties in Foxy network investigation, namely, unknown file publication time and uncertainty of network coverage by uploaders and downloaders, were also highlighted.
To further examine the Foxy P2P network, a controlled testing environment for the P2P network was developed in a network simulation environment (i.e., NS-3). Tests were conducted in the simulation environment, and the effects of various attributes (file size, file transfer rate, file popularity) on the growth of the number of uploaders (represented by the seeder curve) were analyzed.
Results demonstrated that the shape of the seeder curve was affected by the file propagation feature of the file-sharing activity. The slow-rising period, which represented the competition for the file content being shared among peers, was recorded at the initial stage of file sharing in the P2P network. Competition for file content is one of the key factors related to the success or failure in performing P2P investigation through the simulation environment.
An investigation algorithm and four validation rules were proposed based on the above key factor to perform P2P investigation. Through controlled and randomly selected experiments, the investigation could be applied to the search-based P2P file-sharing environment as long as the required slow-rising period in other P2P networks was followed [68].
Analysis of the experimental results demonstrated the ability of the proposed investigation model and the validation rules. The results verified and confirmed the observed seeder in the P2P file-sharing scenario if competitions among downloaders for the shared file content existed. The limitations of the P2P investigation and validation model were also discussed. / published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy
| Identifer | oai:union.ndltd.org:HKU/oai:hub.hku.hk:10722/191199 |
| Date | January 2013 |
| Creators | Ieong, Sze-chung, Ricci., 楊思聰. |
| Contributors | Chow, KP |
| Publisher | The University of Hong Kong (Pokfulam, Hong Kong) |
| Source Sets | Hong Kong University Theses |
| Language | English |
| Detected Language | English |
| Type | PG_Thesis |
| Source | http://hub.hku.hk/bib/B50662247 |
| Rights | The author retains all proprietary rights, (such as patent rights) and the right to use in future works., Creative Commons: Attribution 3.0 Hong Kong License |
| Relation | HKU Theses Online (HKUTO) |
Page generated in 0.0016 seconds