基于流量特征和载荷特征的P2P流量识别

本文分析了目前的P2P网络流量识别方法及其存在的问题。设计识别P2P流量的数据结构;在流量识别阶段,在传输层捕获TCP和UDP数据包,依据P2P流在传输层表现出来的主要流量特征,进行TCP/UDP流量特征的P2P流量识别;在载荷特征识别阶段,对载荷特征库定期更新,将在流量识别阶段中识别出的P2P流作精确载荷特征识别,并将流量识别阶段中漏掉的流量作载荷特征识别;在模式匹配过程采用比较指印函数值来加快识别速度;进而提出一个可准确识别出新生、加密的P2P流量及其名称的算法。实验结果表明,该算法具有较高识别和分类P2P流量的能力。

Identifying the P2P Flow Based on Traffic and Payload Characteristics

The existing P2P network flow identification methods are analyzed in this paper. The data structure of P2P flow identification is first designed. Secondly, during the traffic identification stage, the packets of TCP and UDP are captured on the transport layer, and the P2P flow of the TCP/UDP traffic is identified according to the main traffic characteristics of the P2P flow on the transport layer. Thirdly, during the payload characteristics identification stage, the database of payload characteristics is updated periodically, the payload characteristics are precisely identified from the P2P flow distinguished on the traffic identification stage, and the payload characteristics are also identified from the missed traffic on the traffic identification stage. Fourthly, during the pattern matching procedure, the value of the fingerprint function is applied to improve the speed of flow identification. Finally, an algorithm for identifying accurately the new and encrypted P2P flow and its name is presented. The experiments show that the presented algorithm can identify and classify the P2P flow more effectively.