Abstract:
Sybil attack is a routine attack in P2P systems, which could crack the normal operations of P2P network. Kad is one of the most popular P2P file share systems. The current Kad software limits the number of IP addresses in a routing table, for rejecting the peers with the same IP. Consequently, the attacker must use multiple hosts to launch Sybil group attack, such that the traditional Sybil detection methods based on the same IP addresses do not work. As an alternative, this paper designs a novel method by leveraging routing table information in the malicious peer. Generally, the routing tables of Sybil in the same group have the similar structures. The peers in the same Sybil group are closely connected to each other, whereas the connections between different Sybil groups are sparse. Community detection in social network has the same features with Sybil groups. Therefore we employ CNM algorithm to detect the Sybil groups. In order to reduce the input size of CNM, several preprocessing methods are needed, such as pre-identifying the malicious peers, collecting their routing table items and peers clustering. The proposed approach is verified by inserting Sybil groups on Kad. And the experiment results show that our method is able to discover Sybil groups that have hundreds of peers. This method has been applied on Kad network and found several Sybil groups.