Measurement and Analysis of Child Pornography Trafficking on P2P Networks
My paper Measurement and Analysis of Child Pornography Trafficking on P2P Networks, written in collaboration with other members of the Center for Forensics, has been accepted for publication in the proceedings of the International World Wide Web Conference.
In it, we examine a large data set collected over a year on both the Gnutella and eMule/eDonkey networks. We examine methods of target selection designed to reduce content availability (an NP-hard problem); and we discover an empirical justification for focusing on subgroups of peers that are the most aggressive, in terms of their duration and scope of activity, volume of shared content, or attempts to escape attribution.
We also find that users trafficking in child sexual abuse imagery on these networks who use Tor use it inconsistently. Over 60% of linkable user sessions send traffic from non-Tor IPs at least once after first using Tor, thus removing its protection; over 90% of sessions observed on three or more days fail likewise. These sessions are linkable by the remote host because at the application level, some protocols send consistent identifiers. This problem is well documented.