Fake servers in edonkey networks

Abstract

With the growth of the popularity of various P2P file-sharing systems, the tussle between ordinary P2P users and copyright protectors becomes more and more fierce. The con- tests of servers (supernodes), the key components of these systems, have turned to be the focus of the combat. Some copyright protectors or pollution companies have established their own servers so as to control more users and pollute the whole system, while the users also take measures to identify these fake servers and prevent files from being polluted. To our knowledge, we are the first to study fake servers in eDonkey networks. We developed a dedicated crawler and traced eDonkey users for over 24 days. Based on our measurements, we find that fake servers, which account for more than 59.4% in number although, don't work well in attracting ordinary users. The users, who have once connected to one of these fake servers, take only 30.9% of all traced users. Even worse, the low stay time ratio of users on fake server shows that fake servers lack mechanisms or incentives to keep users stay longer. However, we cannot underestimate the potential influences of fake servers yet. From our analysis, fake servers indeed disturb users' stay distribution at the rank of normal server. Taking the popularity distribution of servers (Zipf-like) into account, we suggest that copyright protectors should try to control several popular servers instead of setting up many unpopular ones. Furthermore, the probability of potential contacts between good and bad users is high enough (94%). For copyright protectors, utilizing these frequent contacts to spread viruses or polluted files will bring great trouble or even disasters for eDonkey networks. In addition, the existing method (blacklisting) cannot keep up with the dynamic updates of fake servers, so we proposed an online heuristic feature-based detection method. We think it can be adopted by client software developers for real-time fake server detection.