66 research outputs found

    Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies

    The scalable, low overhead attributes of Peer-to-Peer (P2P) Internet protocols and networks lend themselves well to being exploited by criminals to execute a large range of cybercrimes. The types of crimes aided by P2P technology include copyright infringement, sharing of illicit images of children, fraud, hacking/cracking, denial of service attacks and virus/malware propagation through the use of a variety of worms, botnets, malware, viruses and P2P file sharing. This project is focused on study of active P2P nodes along with the analysis of the undocumented communication methods employed in many of these large unstructured networks. This is achieved through the design and implementation of an efficient P2P monitoring and crawling toolset. The requirement for investigating P2P based systems is not limited to the more obvious cybercrimes listed above, as many legitimate P2P based applications may also be pertinent to a digital forensic investigation, e.g., voice over IP, instant messaging, etc. Investigating these networks has become increasingly difficult due to the broad range of network topologies and the ever increasing and evolving range of P2P based applications. In this work we introduce the Universal P2P Network Investigation Framework (UP2PNIF), a framework which enables significantly faster and less labour intensive investigation of newly discovered P2P networks through the exploitation of the commonalities in P2P network functionality. In combination with a reference database of known network characteristics, it is envisioned that any known P2P network can be instantly investigated using the framework, which can intelligently determine the best investigation methodology and greatly expedite the evidence gathering process. 
A proof of concept tool was developed for conducting investigations on the BitTorrent network. Comment: This is a thesis submitted in fulfilment of a PhD in Digital Forensics and Cybercrime Investigation in the School of Computer Science, University College Dublin in October 201

    Energy aware and privacy preserving protocols for ad hoc networks with applications to disaster management

    Disasters can have a serious impact on the functioning of communities and societies. Disaster management aims at providing efficient utilization of resources during pre-disaster (e.g. preparedness and prevention) and post-disaster (e.g. recovery and relief) scenarios to reduce the impact of disasters. Wireless sensors have been extensively used for early detection and prevention of disasters. However, the sensor's operating environment may not always be congenial to these applications. Attackers can observe the traffic flow in the network to determine the location of the sensors and exploit it. For example, in intrusion detection systems, the information can be used to identify coverage gaps and avoid detection. Data source location privacy preservation protocols were designed in this work to address this problem. Using wireless sensors for disaster preparedness, recovery and relief operations can have high deployment costs. Making use of wireless devices (e.g. smartphones and tablets) widely available among people in the affected region is a more practical approach. Disaster preparedness involves dissemination of information among the people to make them aware of the risks they will face in the event of a disaster and how to actively prepare for them. The content is downloaded by the people on their smartphones and tablets for ubiquitous access. As these devices are primarily constrained by their available energy, this work introduces an energy-aware peer-to-peer file sharing protocol for efficient distribution of the content and maximizing the lifetime of the devices. Finally, the ability of the wireless devices to build an ad hoc network for capturing and collecting data for disaster relief and recovery operations was investigated. Specifically, novel energy-adaptive mechanisms were designed for autonomous creation of the ad hoc network, distribution of data capturing task among the devices, and collection of data with minimum delay. --Abstract, page iii

    Networks, complexity and internet regulation: scale-free law

    No description supplied

    Conundrum


    The ambivalences of piracy : BitTorrent media piracy and anti-capitalism

    This thesis argues that a more nuanced study of online media piracy is necessary in order to augment the dominant focus on piracy's relationship to copyright. Copyright as a frame for understanding piracy's relationship to capitalism has left potentially more crucial areas of study neglected. An approach to understanding the relationship of media piracy to anticapitalist projects must engage with forms of media piracy in their specificity and not as a homogeneous field. The thesis argues that it is possible and necessary to push beyond the constraints of copyright activism and intellectual property and in so doing opens up new areas of inquiry into online media piracy's potential to challenge logics of property and commodification. Original research is presented in the form of a highly detailed description and analysis of private BitTorrent filesharing sites. These sites are secretive and yet to receive scholarly attention in such a detailed and systematic way. This research finds both public and private variants of BitTorrent media piracy to be highly ambivalent with regards to their transformative potentials in relation to capital and thus tempers more extreme views of piracy as wholly revolutionary and emancipatory, and those that see piracy as a 'simple' form of theft. Public and private BitTorrent filesharing are theorised through the lens of Autonomist Marxism, a perspective that has a novel view of technology both as a tool of domination and a force for potential emancipation. Piracy is analysed for its capacity to refuse the valorisation of the enjoyment of music or film via the surveillance and tracking of audiences, which has become typical for contemporary legal online distribution venues. The thesis further analyses BitTorrent piracy's relationship to the 'common', the shared capacities for creating knowledge, ideas, affects. 
The thesis concludes that further scholarly research must move beyond concerns for creators' remuneration and its focus on reforming existing copyright policy and instead engage with the emergent institutional structures of organised media piracy. Though publicly accessible BitTorrent piracy has contributed to a broadening of awareness about issues of access to information, such an awareness often leaves in place logics of private property and capitalist accumulation. Finally, the thesis argues that the richness and complexity of private sites' organisational valences carry with them greater potential for radically destabilising capitalist social relations with regard to the distribution of cultural production

    Curated Innovation

    The regulation of innovation-intensive industries is a critical issue for both innovation policy and regulation. In this Article, I propose a new framework to the way innovation-intensive industries are regulated. My proposal is a four-pronged model, which I term “Curated Innovation.” In the first stage, policymakers would set a standard that would represent the outcome the regulation seeks to achieve. Second, policymakers would launch a competition, where innovative technologies or methods would race to meet the standard that was defined. Third, policymakers would select the methods or technologies that come closest to meeting the standard and create an incentive in the marketplace to adopt them. Such incentives can come in various forms, such as prizes, expedited patent paths, or safe harbors from liability. Finally, policymakers would reconvene periodically to update the standard and examine the performance of new technologies or methods. Adoption of the Curated Innovation model would yield four key advantages. First, this model would improve the effectiveness of regulation because it would induce market-players to aim at the standard policymakers would set. Second, this model would spur innovation in the market by forming a path to the diffusion of the innovative solutions into the market. Hence, this model would ensure that innovation that has social value is not only produced but also adopted in the marketplace. Finally, this model would lead to evolvement of legal standards: it provides a dynamic process where the regulatory standard is constantly examined and updated to meet societal goals at an increasing rate of efficiency

    Erkennung und Vermeidung von Fehlverhalten in fahrzeugbasierten DTNs (Detection and Prevention of Misbehavior in Vehicle-Based DTNs)

    Delay- and Disruption-Tolerant Networks (DTNs) are a suitable technology for many applications when the network suffers from intermittent connections and significant delays. In current vehicular networks, due to the high mobility of vehicles, the connectivity in vehicular networks can be highly unstable, links may change or break soon after they have been established and the network topology varies significantly depending on time and location. When the density of networked vehicles is low, connectivity is intermittent and with only a few transmission opportunities. This makes forwarding packets very difficult. For the next years, until a high penetration of networked vehicles is realized, delay-tolerant methods are a necessity in vehicular networks, leading to Vehicular DTNs (VDTNs). By implementing a store-carry-forward paradigm, VDTNs can make sure that even under difficult conditions, the network can be used by applications. However, we cannot assume that all vehicles are altruistic in VDTNs. Attackers can penetrate the communication systems of vehicles trying their best to destroy the network. Especially if multiple attackers collude to disrupt the network, the characteristics of VDTNs, without continuous connectivity, make most traditional strategies of detecting attackers infeasible. Additionally, selfish nodes may be reluctant to cooperate considering their profit, and due to hard- or software errors some vehicles cannot send or forward data. Hence, efficient mechanisms to detect malicious nodes in VDTNs are imperative. In this thesis, two classes of Misbehavior Detection Systems (MDSs) are proposed to defend VDTNs against malicious nodes. Both MDSs use encounter records (ERs) as proof to document nodes' behavior during previous contacts. 
By collecting and securely exchanging ERs, depending on different strategies in different classes of MDSs, a reputation system is built in order to punish bad behavior while encouraging cooperative behavior in the network. With independently operating nodes and asynchronous exchange of observations through ERs, both systems are very well suited for VDTNs, where there will be no continuous, ubiquitous network in the foreseeable future. By evaluating our methods through extensive simulations using different DTN routing protocols and different realistic scenarios, we find that both MDS classes are able to efficiently protect the system with low overhead and prevent malicious nodes from further disrupting the network.
In networks with intermittent interruptions or long delays, Delay- and Disruption-Tolerant Networks (DTNs) are a suitable technology for many applications. Connectivity in vehicular networks is often unstable because of high mobility and the low penetration of network-capable vehicles. Until network-capable vehicles are widely deployed, it is therefore essential to fall back on Delay Tolerant Networking methods to ensure the best possible communication. In this context one speaks of Vehicular Delay Tolerant Networks (VDTNs). Through the store-carry-forward principle, a VDTN can enable communication for applications. However, it must be assumed that not all vehicles behave altruistically: attackers can take over vehicles and attack the network, or nodes are uncooperative for selfish reasons or because of defects. Methods that can detect misbehavior in stable networks through direct observation are not applicable in VDTNs. Methods that can prove misbehavior in VDTNs are therefore essential. In this thesis, two classes of Misbehavior Detection Systems (MDSs) are presented. 
Both systems are based on Encounter Records (ERs): after a contact, two nodes exchange cryptographically signed meta-information about the data transfers that took place. During subsequent contacts with other network participants, these ERs serve as trustworthy proof of a node's past behavior. Based on the evaluation of collected ERs, a reputation system is developed that rewards cooperative behavior and punishes uncooperative behavior. Persistently uncooperative nodes are excluded from the network. Through the asynchronous exchange of information, each node can evaluate the behavior of its neighbors autonomously and independently. This makes the presented MDS variants very well suited for use in a VDTN. Extensive evaluations show that the developed MDS methods can be applied to different routing protocols and in different scenarios. In all cases, the MDS is able to defend the system against attackers with low overhead and to ensure a high quality of service in the network.