ML enhanced security in P2P overlay networks
Course Project for CSC579: Overlay and Peer-to-Peer Networking
Proposed by: Alpar Arman
Date: February 7, 2025
The importance of securing P2P networks cannot be overstated. In real world systems like BitTorrent, Ethereum, and IPFS, malicious actors can manipulate network routing, overload nodes with traffic, or create multiple fake identities to disrupt network trust.
Most security solutions today were designed for centralized networks, where a single authority can monitor and block attacks. P2P networks do not work that way: they have no central control point, which makes traditional security methods less effective. Many existing solutions also struggle to detect new types of attacks, require too much computing power, or flag too many false positives.
This project proposes an AI driven security system that can learn, adapt, and respond to cyber threats in real time. By combining machine learning with decentralized protection strategies, the goal is to create a more reliable and efficient way to secure P2P networks.
Literature Review
P2P networks enable decentralized communication and resource sharing without relying on a central authority. While this architecture supports scalability and fault tolerance, it also introduces a variety of security challenges. Traditional security mechanisms designed for centralized client-server networks are often ineffective in P2P environments, where there is no unified control and trust must be established among autonomous and potentially untrusted peers. This leaves P2P overlays exposed to a range of attacks, including Sybil infiltration, DDoS, and routing-level attacks such as Eclipse. Moreover, conventional rule-based defenses, including signature-based intrusion detection and static access control, often fail to detect novel threats and are prone to generating false positives. As a result, the research community has shown increasing interest in intelligent and adaptive security mechanisms, particularly those powered by machine learning and artificial intelligence.
Recent academic efforts have explored the application of ML to enhance P2P network security, leveraging its ability to analyze data patterns, detect anomalies in real time, and adapt to evolving attack strategies. This literature review examines the state of the art in P2P security with a focus on ML-driven defenses over the last five years. It discusses prominent P2P security threats, including Sybil attacks, DDoS, Eclipse, and routing misbehavior, and reviews the effectiveness and limitations of existing countermeasures. The survey then explores how supervised and unsupervised ML techniques have been applied to network intrusion detection and anomaly detection, particularly in distributed systems like P2P overlays, and compares these methods to traditional rule-based approaches.
Sybil attacks remain a persistent threat in P2P networks due to the ease with which an attacker can forge multiple identities. Without a centralized authority, it is difficult to validate peer identities, and various defense strategies have emerged. These include identity certification through trust networks, resource-testing schemes such as proof-of-work, and ML-based behavior analysis. While each approach raises the cost of Sybil attacks, none can fully prevent them in open systems. Recent work in IoT and sensor networks shows that ML classifiers can learn to distinguish Sybil nodes based on their traffic or communication patterns, though success depends on high-quality training data and resilience to adaptive attackers.
DDoS attacks in P2P environments typically involve overwhelming a target node with excessive requests, degrading its availability. Mitigation techniques include local rate limiting, connection caps, and reputation-based peer filtering. In structured overlays like those using Kademlia, redundancy in routing paths can offer some resilience, but well-resourced adversaries can still cause significant disruption. ML has been applied to detect DDoS behavior by recognizing anomalous traffic patterns and dynamically adjusting thresholds. However, distinguishing between legitimate traffic surges and coordinated attacks remains a challenge, especially without centralized visibility.
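The local mitigations named above (rate limiting, connection caps, and a reputation signal for peer filtering) can be shown in a few dozen lines. The following is an added example written for this page, not code from the proposal or from any Kademlia implementation; the refill rate, burst size, connection cap and drop threshold are assumed values, and the traffic fed to it is constructed on a virtual millisecond clock so the arithmetic is exact.

```python
import time
from collections import defaultdict


class PeerLimiter:
    """Local DDoS mitigation for one overlay node: a token bucket per peer plus
    a per-peer connection cap. Rates and caps are assumed values chosen for
    this example. The clock is an integer millisecond counter so refill
    arithmetic stays exact."""

    def __init__(self, rate_per_s=5.0, burst=10, max_conns=4,
                 clock=lambda: int(time.monotonic() * 1000)):
        self.rate = rate_per_s            # tokens refilled per second
        self.burst = burst                # bucket capacity = allowed burst size
        self.max_conns = max_conns        # open connections allowed per peer
        self.clock = clock
        self._buckets = {}                # peer -> (tokens, last_refill_ms)
        self._conns = defaultdict(int)    # peer -> open connection count
        self.dropped = defaultdict(int)   # peer -> requests dropped so far

    def _refill(self, peer, now_ms):
        tokens, last = self._buckets.get(peer, (float(self.burst), now_ms))
        tokens = min(float(self.burst), tokens + (now_ms - last) * self.rate / 1000.0)
        self._buckets[peer] = (tokens, now_ms)
        return tokens

    def allow_request(self, peer, now_ms=None):
        """Spend one token and return True if the peer is within its rate;
        otherwise record the drop and return False."""
        now_ms = self.clock() if now_ms is None else now_ms
        tokens = self._refill(peer, now_ms)
        if tokens >= 1.0:
            self._buckets[peer] = (tokens - 1.0, now_ms)
            return True
        self.dropped[peer] += 1
        return False

    def open_connection(self, peer):
        if self._conns[peer] >= self.max_conns:
            return False
        self._conns[peer] += 1
        return True

    def close_connection(self, peer):
        self._conns[peer] = max(0, self._conns[peer] - 1)

    def is_abusive(self, peer, drop_threshold=10):
        """Reputation signal for peer filtering: a peer that keeps sending
        after being throttled accumulates drops beyond the threshold."""
        return self.dropped[peer] > drop_threshold


def simulate_flood(limiter, peer, n_requests, interval_ms):
    """Replay n_requests from one peer spaced interval_ms apart on a virtual
    clock (constructed traffic, not a capture). Returns (accepted, dropped)."""
    accepted = 0
    for i in range(n_requests):
        if limiter.allow_request(peer, now_ms=i * interval_ms):
            accepted += 1
    return accepted, n_requests - accepted


if __name__ == "__main__":
    lim = PeerLimiter()
    print("flooder:", simulate_flood(lim, "peer-flood", 40, 100))  # 40 requests in 4 s
    print("polite :", simulate_flood(lim, "peer-ok", 10, 500))     # 10 requests in 5 s
    print("abusive:", lim.is_abusive("peer-flood"))
```

The flooder sends ten requests per second against a five-per-second allowance, so after the initial burst of ten only every other request gets through, and the drop counter crosses the reputation threshold. The polite peer never loses a request. The limitation the paragraph notes is visible here too: the bucket cannot tell a legitimate surge from a flood, which is why the drop counter is only a signal to feed into peer filtering rather than a verdict.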
Eclipse and routing attacks target the structure of P2P overlays by manipulating routing tables or monopolizing a node’s neighbors. Eclipse attacks can isolate a victim from honest nodes, while routing poisoning can divert or suppress queries. Proposed defenses include maintaining neighbor diversity, randomized peer sampling, and periodic reconfiguration of peer connections. ML can aid in detecting such attacks by monitoring routing patterns and identifying unusual connectivity behaviors. Reinforcement learning, in particular, offers a method for adaptive response, where a defense agent learns over time how to best mitigate attacks through feedback from the network's state.
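The neighbor-diversity defense can be expressed as a guard on a Kademlia-style k-bucket table, the kind of overlay this proposal plans to build. The following is an added example for this page, not code from the proposal or from a Kademlia library: the bucket size of 8, the cap of two peers per IPv4 /24 per bucket, and the constructed honest and attacker identities are all assumptions, and the comparison between a guarded and an unguarded table is only there to show what the guard measures.

```python
import hashlib
import ipaddress

ID_BITS = 160   # Kademlia node IDs are 160 bits wide
K = 8           # bucket size; assumed for this example (the Kademlia paper uses 20)


def node_id(seed):
    """Constructed node identity: SHA-1 of a label as a 160-bit integer."""
    return int.from_bytes(hashlib.sha1(seed.encode()).digest(), "big")


def bucket_index(self_id, other_id):
    """Bucket i holds peers at XOR distance in [2^i, 2^(i+1)) from this node."""
    d = self_id ^ other_id
    if d == 0:
        raise ValueError("a node does not store itself")
    return d.bit_length() - 1


def subnet(ip):
    return ipaddress.ip_network(f"{ip}/24", strict=False)


class RoutingTable:
    """k-bucket table with an optional neighbor-diversity guard: at most
    max_per_subnet entries from one /24 in any bucket (assumed policy)."""

    def __init__(self, self_id, max_per_subnet=None):
        self.self_id = self_id
        self.max_per_subnet = max_per_subnet
        self.buckets = [[] for _ in range(ID_BITS)]   # entries: (peer_id, ip)
        self.rejected = []                              # (peer_id, ip, reason) audit log

    def add_peer(self, peer_id, ip):
        bucket = self.buckets[bucket_index(self.self_id, peer_id)]
        if any(pid == peer_id for pid, _ in bucket):
            return True
        if self.max_per_subnet is not None:
            same = sum(1 for _, pip in bucket if subnet(pip) == subnet(ip))
            if same >= self.max_per_subnet:
                self.rejected.append((peer_id, ip, "subnet-diversity"))
                return False
        if len(bucket) >= K:
            # Kademlia keeps long-lived entries and drops newcomers from a full bucket
            self.rejected.append((peer_id, ip, "bucket-full"))
            return False
        bucket.append((peer_id, ip))
        return True

    def closest(self, target_id, n=K):
        peers = [p for b in self.buckets for p in b]
        return sorted(peers, key=lambda p: p[0] ^ target_id)[:n]

    def subnet_share(self, prefix):
        """Fraction of all routing entries inside one network prefix: the
        connectivity signal a node can monitor for neighbor monopolisation."""
        entries = [ip for b in self.buckets for _, ip in b]
        if not entries:
            return 0.0
        net = ipaddress.ip_network(prefix)
        return sum(1 for ip in entries if ipaddress.ip_address(ip) in net) / len(entries)


def build_tables(n_attacker=60, n_honest=40):
    """Constructed scenario: many peers from one /24 announce themselves first,
    then honest peers spread over distinct /24s join. Returns (guarded, unguarded)."""
    me = node_id("self")
    guarded = RoutingTable(me, max_per_subnet=2)
    unguarded = RoutingTable(me)
    for i in range(n_attacker):
        pid, ip = node_id(f"attacker-{i}"), f"10.0.0.{i + 1}"
        guarded.add_peer(pid, ip)
        unguarded.add_peer(pid, ip)
    for i in range(n_honest):
        pid, ip = node_id(f"honest-{i}"), f"192.168.{i}.10"
        guarded.add_peer(pid, ip)
        unguarded.add_peer(pid, ip)
    return guarded, unguarded
```

Without the guard the top buckets fill with entries from the single /24 because the XOR metric places about half of all random IDs in the top bucket, and honest peers arriving later are turned away as "bucket-full". With the guard every bucket keeps at most two entries from that prefix, and subnet_share reports a far smaller concentration. The guard is deliberately a per-bucket count rather than a global one so that a node with few peers is not starved of routes; the rejection log is what the proposal's anomaly detector could consume as a routing-level feature.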
Other attack vectors include content poisoning, malware distribution, and privacy violations. These are especially relevant in P2P file-sharing systems, where attackers can insert corrupted files or monitor peer activity. Cryptographic integrity checks and anonymous routing techniques can mitigate some risks, but attackers continually adapt. The rise of P2P botnets has also highlighted how the same decentralized robustness that protects legitimate systems can be exploited for malicious purposes.
Defensive strategies often combine cryptographic, structural, and behavioral components. Rule-based systems like static firewalls or signature-matching intrusion detectors are efficient against known threats but lack adaptability. ML approaches, particularly anomaly detection, provide the flexibility to identify unknown or evolving attacks by learning patterns of normal behavior. Techniques such as clustering, statistical outlier detection, and deep learning models including autoencoders and recurrent neural networks have been applied to intrusion detection with promising results. For example, RNNs have demonstrated superior accuracy in classifying temporal traffic patterns, while autoencoders offer unsupervised anomaly detection by reconstructing known traffic and flagging deviations.
Ensemble and hybrid models have gained traction by combining the strengths of rule-based and ML-based systems. For instance, systems that use ML to detect anomalies can validate alerts against signature databases to reduce false positives. In turn, rule-based outputs can serve as features for ML classifiers. These hybrid systems have shown higher accuracy and lower false alarm rates in practice.
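The hybrid idea in the two paragraphs above (an unsupervised model of normal behavior whose alerts are validated against rules before they fire) and the evaluation metrics the proposal lists (detection accuracy and false positive rate) fit into one small worked example. This is an added example written for this page, not the proposal's code: the peer activity log is constructed, the two features, the median/MAD baseline standing in for a heavier model such as an autoencoder, the thresholds Z_LOW and Z_HIGH, and the two signature rules are all assumptions made for the demonstration.

```python
import statistics
from collections import defaultdict

# Assumed tuning values: moderate and extreme anomaly thresholds in robust z units.
Z_LOW, Z_HIGH = 4.0, 15.0


def make_log(spec):
    """Constructed activity window: spec maps peer -> (requests, distinct_targets)
    and is expanded into lines 'peer FIND_NODE key-N' like a node's request log."""
    lines = []
    for peer, (requests, targets) in spec.items():
        for i in range(requests):
            lines.append(f"{peer} FIND_NODE key-{i % targets}")
    return lines


def features(lines):
    """Per-peer feature vector (requests, distinct_targets) parsed from log lines."""
    seen = defaultdict(lambda: [0, set()])
    for line in lines:
        peer, _op, target = line.split()
        seen[peer][0] += 1
        seen[peer][1].add(target)
    return {p: (n, len(t)) for p, (n, t) in seen.items()}


def fit_baseline(rows):
    """Median and MAD per feature, learned from a window believed to be normal:
    the unsupervised model of normal behaviour (a deliberately simple stand-in)."""
    base = []
    for col in zip(*rows):
        med = statistics.median(col)
        mad = statistics.median(abs(x - med) for x in col) or 1.0
        base.append((med, mad))
    return base


def anomaly_score(row, baseline):
    """Largest robust z-score across the features (1.4826 scales MAD to sigma)."""
    return max(abs(x - med) / (1.4826 * mad) for x, (med, mad) in zip(row, baseline))


def signature_match(row):
    """Rule-based check standing in for a signature database: a hard request
    cap and a 'same key hammered' rule. Assumed rules for this example."""
    requests, targets = row
    return requests > 100 or requests / targets > 20


def detect(feats, baseline, hybrid=True):
    """ML-only mode alerts above Z_LOW. Hybrid mode requires a moderate anomaly
    to also match a signature, and lets only an extreme score alert on its
    own, so novel attacks are still caught while bursty benign peers are not."""
    alerts = set()
    for peer, row in feats.items():
        z = anomaly_score(row, baseline)
        if z > Z_HIGH or (z > Z_LOW and (not hybrid or signature_match(row))):
            alerts.add(peer)
    return alerts


def evaluate(alerts, labels):
    """Precision, recall and false positive rate against ground-truth labels."""
    malicious = {p for p, mal in labels.items() if mal}
    benign = set(labels) - malicious
    tp, fp, fn = len(alerts & malicious), len(alerts & benign), len(malicious - alerts)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / len(benign) if benign else 0.0
    return precision, recall, fpr


# Constructed peers: eight honest ones form the baseline window.
HONEST = {"h1": (8, 5), "h2": (10, 6), "h3": (12, 7), "h4": (9, 5),
          "h5": (11, 6), "h6": (10, 8), "h7": (13, 7), "h8": (7, 6)}
# Evaluation window: the honest peers plus a bursty-but-benign peer, a flooder
# hammering one key, and a scanner walking many keys (no signature covers it).
EVAL = dict(HONEST, bursty=(25, 20), flood=(200, 1), scanner=(60, 60))
LABELS = {p: p in ("flood", "scanner") for p in EVAL}


def run(hybrid=True):
    baseline = fit_baseline(list(features(make_log(HONEST)).values()))
    alerts = detect(features(make_log(EVAL)), baseline, hybrid=hybrid)
    return alerts, evaluate(alerts, LABELS)
```

In hybrid mode the flooder is confirmed by the repetition rule and the scanner is caught purely by its extreme score, while the bursty peer (anomalous but matching no rule) is left alone: precision and recall are both 1.0 with a false positive rate of 0. In ML-only mode the bursty peer is also flagged, which drops precision to two thirds and gives one false positive among nine benign peers, the trade-off the paragraph describes.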
In decentralized environments like P2P networks, collaborative or distributed intrusion detection is essential. Collaborative intrusion detection systems distribute detection logic across multiple nodes, sharing observations to detect distributed attacks. Techniques such as semi-supervised learning and federated learning enable nodes to improve their local models without sharing raw data, addressing both privacy and scalability concerns. Research has shown that sharing model updates or using disagreement-based learning between detectors can enhance detection accuracy in distributed systems like IoT and P2P overlays.
Adversarial ML poses a growing concern in security applications. Attackers may attempt to evade ML detection by crafting inputs that appear benign or by poisoning training data. Ensuring the robustness of ML-based detectors requires techniques such as adversarial training, explainable AI, and robust ensemble learning. In distributed systems, attackers might exploit inconsistencies between peers or inject misleading data, making resilience a critical area of ongoing research.
The integration of RL into security introduces adaptive defense capabilities. RL agents can dynamically adjust network policies, such as traffic throttling or peer blacklisting, based on real-time feedback. In a P2P overlay, RL can be used to adapt the topology or route around compromised regions. Studies have shown that RL-based defenses can learn nuanced responses that outperform static rules, though defining appropriate reward functions and ensuring safe exploration remain challenges.
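A minimal tabular Q-learning agent makes the reward-function point above concrete. This is an added example for this page, not the proposal's RL component: the three-level attack state, the three mitigation actions, the damage and cost weights, and the deterministic environment dynamics are all assumptions constructed for the demonstration, and the training loop runs entirely in that simulation.

```python
import random

# Simulated defender environment, constructed for this example: the state is
# the detector's current attack-level estimate for one suspicious peer and the
# action is the mitigation applied during this step.
STATES = (0, 1, 2)                  # 0 calm, 1 moderate attack, 2 severe attack
ACTIONS = (0, 1, 2)                 # 0 no-op, 1 throttle traffic, 2 isolate peer
DAMAGE = {0: 0.0, 1: 2.0, 2: 6.0}   # service loss per step while the attack persists
COST = {0: 0.0, 1: 1.0, 2: 3.0}     # collateral cost of the response (legit traffic lost)


def step(state, action):
    """Deterministic dynamics: isolation ends the attack, throttling lowers its
    level by one, doing nothing lets it persist. Reward = -(damage + cost)."""
    reward = -(DAMAGE[state] + COST[action])
    if action == 2:
        nxt = 0
    elif action == 1:
        nxt = max(0, state - 1)
    else:
        nxt = state
    return nxt, reward


class QAgent:
    def __init__(self, rng, alpha=0.1, gamma=0.9, epsilon=0.2):
        self.rng, self.alpha, self.gamma, self.epsilon = rng, alpha, gamma, epsilon
        self.q = {(s, a): 0.0 for s in STATES for a in ACTIONS}

    def greedy(self, state):
        return max(ACTIONS, key=lambda a: self.q[(state, a)])

    def choose(self, state):
        # epsilon-greedy exploration: on a live overlay this would mean random
        # isolations of peers, which is why exploration belongs in simulation
        if self.rng.random() < self.epsilon:
            return self.rng.choice(ACTIONS)
        return self.greedy(state)

    def update(self, s, a, r, s2):
        target = r + self.gamma * max(self.q[(s2, b)] for b in ACTIONS)
        self.q[(s, a)] += self.alpha * (target - self.q[(s, a)])

    def policy(self):
        """Greedy action per state after training."""
        return {s: self.greedy(s) for s in STATES}


def train(episodes=3000, horizon=5, seed=7):
    rng = random.Random(seed)
    agent = QAgent(rng)
    for _ in range(episodes):
        s = rng.choice(STATES)          # episodes start at a random attack level
        for _ in range(horizon):
            a = agent.choose(s)
            s2, r = step(s, a)
            agent.update(s, a, r, s2)
            s = s2
    return agent


if __name__ == "__main__":
    agent = train()
    print({s: ("no-op", "throttle", "isolate")[a] for s, a in agent.policy().items()})
```

With these weights the learned policy is graded rather than all-or-nothing: do nothing when calm, throttle a moderate attack (expected return about -3 versus -5 for isolating) and isolate a severe one (about -9 versus -9.7 for throttling, since throttling leaves a second damaging step). Changing the cost of isolation or the discount factor moves those break-even points, which is exactly why the paragraph singles out reward design as the hard part: the agent optimises whatever trade-off the reward encodes, including a wrong one.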
Emerging concepts like self-healing networks and proactive threat hunting reflect the trend toward adaptive, autonomous defense systems. ML-enabled monitoring can detect early signs of attacks, such as traffic surges or anomalous peer behavior, and trigger preemptive responses. Some systems use moving target defense strategies to make network configurations unpredictable to attackers, a tactic that can be guided by ML or RL models optimizing both security and performance.
Despite these advances, several research gaps remain. Many ML-based security solutions assume centralized control and data aggregation, which contradicts the decentralized nature of P2P networks. More research is needed on decentralized ML, where peers train models locally and share insights without compromising privacy. Graph neural networks are an emerging approach that could model the structural properties of P2P overlays and identify abnormal patterns in connectivity or behavior. Trust and robustness are also key concerns in collaborative detection: adversaries may attempt to feed false data into shared models or manipulate consensus mechanisms. Techniques such as secure aggregation, blockchain-backed alert sharing, and privacy-preserving ML can help address these issues.
Furthermore, most studies evaluate ML models in limited simulations or static datasets. Real-world P2P networks exhibit high churn, varied latency, and heterogeneous device capabilities. To assess the practicality of AI-driven defenses, large-scale and dynamic simulations are necessary. Balancing security and resource consumption is also vital, as P2P nodes may operate on constrained hardware. Lightweight ML models and tiered detection strategies can help optimize efficiency.
In conclusion, ML and RL offer significant promise for securing P2P networks through adaptive, intelligent defenses. While foundational research on P2P security and ML-based intrusion detection exists, their convergence remains an active and evolving area. Future work must address decentralization, adversarial resilience, and scalability to bring these techniques into practical deployment. A well-designed ML-enhanced framework for P2P security could enable nodes to detect, respond, and learn from attacks autonomously, preserving the core benefits of decentralization without compromising security.
My Approach
This project will develop an ML enhanced security framework for Kademlia-based P2P networks, focusing on detecting and mitigating multiple attack types. The approach consists of:
A structured P2P overlay network based on Kademlia will be built using NetworkX in Python. The network will support key-value storage, routing, and peer discovery, ensuring a realistic testing environment.
I will introduce different attacks: DDoS flooding, Sybil attacks, routing table poisoning, and eclipse attacks. Each attack will be carefully implemented to assess the network’s vulnerabilities.
I will train different ML models and choose the best one for identifying malicious behaviors. The model will analyze traffic flow, node interactions, and routing anomalies to detect attacks effectively.
Using reinforcement learning, the system will dynamically respond to attacks by applying mitigation techniques such as node isolation, traffic throttling, and collaborative defense mechanisms.
The framework will be evaluated based on detection accuracy, false positive rate, network latency impact, and mitigation effectiveness to ensure it meets practical security requirements.
Results
A fully functional AI-driven security framework for P2P networks.
An evaluation report comparing different ML models and attack mitigation strategies.
Documented attack simulations with analysis.
Source code and implementation documentation.
Final project presentation and website showcasing findings.
Timeline
Feb 9 - Feb 23: Implement Kademlia-based P2P network and validate key-value storage.
Feb 24 - Mar 8: Implement and test attack scenarios.
Mar 9 - Mar 22: Train and optimize ML models for attack detection.
Mar 23 - Apr 5: Implement adaptive security response using reinforcement learning.
Apr 6 - Apr 11: Final testing, documentation, and project presentation.
Tools and Resources
Python (NetworkX, Scikit-learn, TensorFlow, PyTorch) for simulation and ML.
Google Colab for training ML models with GPU support.
GitHub repository for source code management.
Public website for documenting findings.