Decoy insertion (or content pollution) is a method by which corrupted versions of a particular file are inserted into the network. This deters users from finding an uncorrupted version and also increases distribution of the corrupted file. A malicious user pollutes the file by converting it into another format that is indistinguishable from uncorrupted files (e.g. it may have similar or same metadata). In order to entice users to download the decoys, malicious users may make the corrupted file available via high bandwidth connections. This method consumes a large amount of computing resources since the malicious server must respond to a large quantity of requests. As a result, queries return principally corrupted copies such as a blank file or executable files infected with a virus. There were known cases when a company had created a special version of a game and published it on file sharing services advertising it as cracked, having undocumented hidden functionality, making it impossible to win this variant of the game.
This method targets the index found in P2P file sharing systems. The index allows users to locate the IP addresses of desired content. Thus, this method of attack makes searching difficult for network users. The attacker inserts a large amount of invalid information into the index to prevent users from finding the correct resource. Invalid information could include random content identifiers or fake IP addresses and port numbers. When a user attempts to download the corrupted content, the server will fail to establish a connection due to the large volume of invalid information. Users will then waste time trying to establish a connection with bogus users thus increasing the average time it takes to download the file. The index poisoning attack requires less bandwidth and server resources than decoy insertion. Furthermore, the attacker does not have to transfer files nor respond to requests. For this reason, index poisoning requires less effort than other methods of attack.
Selective content poisoning (also known as proactive or discriminatory content poisoning) attempts to detect copyright violators while allowing legitimate users to continue to enjoy the service provided by an open P2P network. The protocol identifies a peer with its endpoint address while the file index format is changed to incorporate a digital signature. A peer authentication protocol can then establish the legitimacy of a peer when she downloads and uploads files. Using identity based signatures, the system enables each peer to identify infringing users without the need for communication with a central authority. The protocol then sends poisoned chunks to these detected users requesting a copyright protected file only. If all legitimate users simply deny download requests from known infringers, the latter can usually accumulate clean chunks from colluders (paid peers who share content with others without authorization). However, this method of content poisoning forces illegitimate users to discard even clean chunks, prolonging their download time. 1e1e36bf2d