A Framework for Digital Investigation of Peer-to-Peer (P2P) Networks. An Investigation into the Security Challenges and Vulnerabilities of Peer-to-Peer Networks and the Design of a Standard Validated Digital Forensic Model for Network Investigations
Author: Musa, Ahmad S.
Supervisor: Awan, Irfan U.
Keyword: Peer-to-Peer (P2P) networks
The University of Bradford theses are licenced under a Creative Commons Licence.
Institution: University of Bradford
Department: Department of Computer Science. Faculty of Engineering and Informatics
Abstract: Peer-to-Peer (P2P) networks have presented many fascinating capabilities to the internet since their inception, and they have gathered, and are still gathering, much interest. As a result, they are being used in many domains, particularly in transferring large amounts of data, which is essential for modern computing needs. A P2P network contains many independent nodes that form a highly distributed system. These nodes are used to exchange all kinds of files without using a single server as in a Client-Server architecture. Such types of files make the network highly vulnerable to malicious attackers. Nevertheless, P2P systems have become susceptible to different malicious attacks due to their widespread usage, including the threat of sharing malware and other dangerous programs, which can be significantly damaging and harmful. A significant obstacle with current P2P network traffic monitoring and analysis is that many newly emerging P2P architectures possess more intricate communication structures and traffic patterns than the traditional client-server architectures. The traffic volume generated by these networks, such as uTorrent, Gnutella, Ares, etc., was once well over half of the total internet traffic. The dynamic use of port numbers, multiple sessions, and other smart features of these applications complicate the characterization of current P2P traffic. Transport-level traffic identification is a preliminary but required step towards traffic characterization, which this thesis addresses. Therefore, a novel detection mechanism that relies on transport-level traffic characterization has been presented for P2P network investigation. The importance of the investigation necessitates the formalization of frameworks to leverage the integration of forensics standards and accuracy to provide integrity to P2P networks. We employed the standard Analysis, Design, Development, Implementation, and Evaluation (ADDIE) model to aid a credible digital investigation.
We considered the ADDIE model for validation as a standard digital forensic model for P2P network investigations using the United States’ Daubert Standard, the United Kingdom's Forensic Science Regulator Guidance – 218 (FSR-G-218), and Forensic Science Regulator Guidance – 201 (FSR-G-201) methodologies. The solution was evaluated using a realistic P2P investigation and showed accurate load distribution and reliable digital evidence.
Showing items related by title, author, creator and subject.
An Exposition of Performance-Security Trade-offs in RANETs Based on Quantitative Network Models
Miskeen, Guzlan M.A.; Kouvatsos, Demetres D.; Habib Zadeh, Esmaeil (2013)
Security mechanisms, such as encryption and authentication protocols, require extra computing resources and therefore, have an adverse effect upon the performance of robotic mobile wireless ad hoc networks (RANETs). Thus, an optimal performance and security trade-off should be one of the main aspects that should be taken into consideration during the design, development, tuning and upgrading of such networks. In this context, an exposition is initially undertaken on the applicability of Petri nets (PNs) and queueing networks (QNs) in conjunction with their generalisations and hybrid integrations as robust quantitative modelling tools for the performance analysis of discrete flow systems, such as computer systems, communication networks and manufacturing systems. To overcome some of the inherent limitations of these models, a novel hybrid modelling framework is explored for the quantitative evaluation of RANETs, where each robotic node is represented by an abstract open hybrid G-GSPN_QN model with head-of-line priorities, subject to combined performance and security metrics (CPSMs). The proposed model focuses on security processing and state-based control and it is based on an open generalised stochastic PN (GSPN) with a gated multi-class 'On-Off' traffic and mobility model. Moreover, it employs a power consumption model and is linked in tandem with an arbitrary QN consisting of finite capacity channel queues with blocking for 'intra' robot component-to-component communication and 'inter' robot-to-robot transmission. Conclusions and future research directions are included.
Network Coding for Multihop Wireless Networks: Joint Random Linear Network Coding and Forward Error Correction with Interleaving for Multihop Wireless Networks
Hu, Yim Fun; Pillai, Prashant; Susanto, Misfa (University of Bradford, Faculty of Engineering and Informatics. School of Electrical Engineering and Computer Science, 2015)
Optimising the throughput performance for wireless networks is one of the challenging tasks in the objectives of communication engineering, since wireless channels are prone to errors due to path losses, random noise, and fading phenomena. The transmission errors will be worse in a multihop scenario due to its accumulative effects. Network Coding (NC) is an elegant technique to improve the throughput performance of a communication network. There is the fact that the bit error rates over one modulation symbol of 16- and higher order- Quadrature Amplitude Modulation (QAM) scheme follow a certain pattern. The Scattered Random Network Coding (SRNC) system was proposed in the literature to exploit the error pattern of 16-QAM by using bit-scattering to improve the throughput of multihop network to which is being applied the Random Linear Network Coding (RLNC). This thesis aims to improve further the SRNC system by using Forward Error Correction (FEC) code; the proposed system is called Joint RLNC and FEC with interleaving. The first proposed system (System-I) uses Convolutional Code (CC) FEC. The performances analysis of System-I with various CC rates of 1/2, 1/3, 1/4, 1/6, and 1/8 was carried out using the developed simulation tools in MATLAB and compared to two benchmark systems: SRNC system (System-II) and RLNC system (System-III). The second proposed system (System-IV) uses Reed-Solomon (RS) FEC code. Performance evaluation of System-IV was carried out and compared to three systems; System-I with 1/2 CC rate, System-II, and System-III.
All simulations were carried out over three possible channel environments: 1) AWGN channel, 2) a Rayleigh fading channel, and 3) a Rician fading channel, where both fading channels are in series with the AWGN channel. The simulation results show that the proposed system improves the SRNC system. How much improvement gain can be achieved depends on the FEC type used and the channel environment.
Network coding for multicast communications over satellite networks
Jaff, Esua K.; Susanto, Misfa; Ali, Muhammad; Pillai, Prashant; Hu, Yim Fun (2015)
Random packet errors and erasures are common in satellite communications. These types of packet losses could become significant in mobile satellite scenarios like satellite-based aeronautical communications where mobility at very high speeds is a routine. The current adaptive coding and modulation (ACM) schemes used in new satellite systems like the DVB-RCS2 might offer some solutions to the problems posed by random packet errors but very little or no solution to the problems of packet erasures where packets are completely lost in transmission. The use of the current ACM schemes to combat packet losses in a high random packet errors and erasures environment like the satellite-based aeronautical communications will result in very low throughput. Network coding (NC) has proved to significantly improve throughput and thus saves bandwidth resources in such an environment. This paper focuses on establishing how in random linear network coding (RLNC) the satellite bandwidth utilization is affected by changing values of the generation size, rate of packet loss and number of receivers in a satellite-based aeronautical reliable IP multicast communication. From the simulation results, it shows that the bandwidth utilization generally increases with increasing generation size, rate of packet loss and number of receivers.