
Design And Research Of P2P Traffic Identification System

Posted on: 2012-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: L H Huang
GTID: 2218330362456572
Subject: Information security
Abstract/Summary:
With the development and widespread use of P2P, a large share of network bandwidth is consumed. P2P applications benefit their users while degrading the experience of ordinary network applications. To provide better network service quality, the identification and control of P2P traffic is increasingly important.
Behavior recognition and deep packet inspection (DPI) are the commonly used methods for identifying P2P traffic. Behavior recognition can identify new P2P traffic, but its accuracy is relatively low and it cannot further attribute traffic to different P2P applications, so the traffic cannot be controlled per application. Deep packet inspection has a higher recognition accuracy. However, obtaining packet signatures is difficult and they are not updated in a timely way, so monitoring software cannot identify the traffic of a new P2P application for a long time. Combining the two methods avoids these shortcomings.
Netfilter-based monitoring systems, bypass monitoring systems and bridge monitoring systems are the common traffic monitoring schemes. A Netfilter-based system changes the topology of the network and has low processing capacity; it is suitable for small networks. A bypass monitoring system connects a third-party system to the network. The third-party system mainly identifies traffic mirrored from the network and then reports the result to the gateway for control. This kind of system is complicated to implement. A bridge monitoring system inserts the monitoring equipment into the network to identify and control traffic. It does not affect the network topology and can process higher traffic volumes. The system described in this paper is a bridge monitoring system. By adding a traffic monitoring module to the Linux bridge, it identifies traffic precisely using both DPI and the support vector machine (SVM) method without affecting the network.
DPI provides accurate identification, while the SVM method can detect new P2P traffic and extract packet signatures for deep packet inspection. Experimental results show that the system can accurately identify and control P2P traffic, and can extract P2P traffic signatures correctly and in a timely manner.
Keywords/Search Tags:peer-to-peer, support vector machine, deep packet inspection, bridge