On The Multi-Layer Network Flow Identification Technology And Its Realization

The rapid development of Internet puts foward higher requirement on network surveil-lance network security and other issues. As a basic technology to deal with the aforemen-tioned issues, network flow recognition is now undergoing a more severe challenge. With the popularity of network address translation (NAT) technology and the port hiding technology, traditional port matching based network flow identification technology degrades significant-ly. Instead, the feature matching based network flow recognition and the statistical charac-teristics based network flow identification attract more and more reseach attention due to the achieved high precision and the capability of processing encrypted network flow. Network flow atrribute sets will be the basis and the key for the network flow recognition, the in-depth flow detection technology has emerged as the hot research subject, especially for the network flow extraction and recognition algorithm design. In this paper, we mainly focus on the multi-layer network flow identification mechanism and its realization in practical lab environment. The dissertation is organized as follows:Firstly, the paper briefly reviews the progress and the state of the art of the network flow identification, in particular the deep flow inspection method and deep packet inspection method. Secondly, the in-depth analysis of the network protocol stack and feature selection algorithm are presented to show that, the traditional feature selection algorithm based on Network flow balance hypothesis of average bytes leads to inaccurate network flow classifi-cation. A more stable network flow attribute set was proposed on the basis of Moore and others’results. In order to cope with the increased "imbalance" in the network flow generat-ed by diverse network applications, a new network flow identification technology was pro-posed based on the integrated cost sensitive algorithm to improve the accuracy of network flow classification and the accuracy rate of network stream byte classification. Then it is shown that, most of the deep flow inspection research results are based on different network flow data collected by Moore and others. While these data samples are no longer effective to fulfill the network surveillance requirements. In this dissertation, we use different set of fine network flow samples extracted from our laboratory network to investigate the recognition performance of fine network flow by employing the deep flow inspection. It is shown that, by using the homepage network flow smaples to recognize the sub-webpage, the difficulty in the network flow smaples for the deep flow inspection can be ameliorated. Finally, this paper designs and realizes a set of network flow identification system by integrating the ad- vantages of both the deep packet inspection and the deep flow inspection, where all the in-volved modules and critical technologies are briefly introduced.All the works in this dissertation provide good reference for the further investigation and optimized multiple-layer network flow identifications.