Research And Implement Of P2P Traffic Identification Based On Multiple Characteristics

With the development of Internet, the technology of P2P(Peer-to-Peer) has become one of the fastest growing network application. It has taken up about 60% to 80% of the total Internet business.The constantly increasing of P2P application benefits consumers greatly. But it consumes immense network bandwidth, which has a great impact on the network Qos. At the same time, using unsafe network environment to get P2P applications may bring viruses and baleful codes into internal network. For this reason, rapid identification and classification P2P traffic has become an urgent problem.With the widespread use of the dynamic port, application layer data encryption and blurred protocol features of P2P, the recognition rate of traditional port detection, deep packet inspection (DPI) and other P2P traffic identification methods decreases. Theses cases aggravated the difficulty of P2P traffic identification. Based Transport-layer propetties P2P traffic identification method use the transport layer characteristics as the test object, so it dose not need to detect data packet in-depth. Thus this method has strong ability in identifying port hopping and protocol unknown or protocol encrypted P2P traffic. Although the method has good scalability, but not on specific categories of applications.Shows a mature and standare P2P traffic identification method should not use only one P2P traffic identification technology, multiple technology should be combined.It investigates the operational principles of the existing several methods of P2P traffic identification and compares between them. It also works over the features and problems which come out during the process of the P2P traffic identification. The focus of this thesis is on the deep analysis of the characteristics on transport layer of P2P traffic. Through surveying the state of the connected node and the statistic of the inflow and outflow, it puts forward a new method of P2P traffic identification based on features of transport layer. This method can be operated and analyzed completely separated from the load information of data packet. In the fifth chapter, the thesis makes a careful study about the key technologies of traffic identification, such as packet capture, packet analysis, and hash table. In view of the weaknesses of the existing P2P traffic detective method, this paper advances an improved comprehensive detection method That is the multiple characteristics P2P traffic detective method. This method not only adopt multi-stage detection module, but also synthesize several detection schemes, for instance, the comprehensive port recognition, flow characteristic, and deep packet inspection. By depositing the recognized P2P connection information into trusted list and giving out the visits activity parameter, the flow data get through trusted list module first. It substantially improves the detection efficiency. Experimental results show that this algorithm has a higher ability in identifying P2P traffic. Compare to the traditional method of payload characteristic, this new method can recognize port hopping and data encrypted P2P traffic, categories the test result at application level, and improve detection efficiency. So this scheme has a better practical value.