Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers.

Contraband files might include pirated movies, music, or software, and even child pornography. When the tool detects such a file, it keeps a record of the network addresses involved for later analysis, says Major Karl Schrader, who led the work at the Air Force Institute of Technology, in Kettering, OH.

The use of peer-to-peer (P2P) software and of the BitTorrent protocol in particular have increased steadily over recent years. In fact, for many Internet service providers (ISPs), the vast majority of Internet traffic now consists of P2P transfers.

ISPs are generally only interested in detecting this type of traffic in order to control, or “throttle,” it and free up bandwidth for other uses. However, this approach reveals nothing about the contents of each transfer, says Schrader. A handful of network-monitoring tools can identify specific BitTorrent files, but the process is generally slow, since the contents of each file have to be examined. The time that this takes also increases exponentially as the number of files that need to be scanned grows.

“Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,” says Schrader. It works, he says, by first spotting files that bare the hallmark of the BitTorrent protocol by examining the first 32 bits of the files’ header data. Then the system looks at the files’ hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved.

“I’m convinced that the solution works and that it will be quite cheap, as it is very specialized,” says Hendrik Schulze, chief technology officer of Ipoque, a network analysis company based in Leipzig, Germany. More generalized solutions that try to monitor for a wide range of file types may be more flexible, he says, but they will also be more expensive.

One reason why the new technique is so fast is that the apparatus required consists of a specially configured field programmable gate array (FPGA) chip and a flash-memory card that stores a log of the illicit activity.

10 comments. Share your thoughts »

Credit: Technology Review

Tagged: Computing, protocols, P2P, file sharing, file-sharing networks, BitTorrent

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me