
Research On Technologies Of Network Traffic Flow Monitoring Oriented To Service Recognition

Posted on: 2011-01-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H L Zhu
GTID: 1118360308961111
Subject: Signal and Information Processing
Abstract/Summary:
With the emergence of more and more Internet and NGN (Next Generation Network) technologies, the number of broadband-access users has increased sharply; meanwhile, network applications have become ever more widespread, so the operating environment has changed greatly. Network applications such as P2P, VoIP, VoD, IPTV, online games and IM demand more and more quality and bandwidth. Today, unsupervised VoIP and P2P services, abnormal traffic and unmanaged shared access tie up a lot of bandwidth. This puts the operation and management model of traditional carriers in an extremely vulnerable position. The carriers are gradually losing control of network applications; at the same time, they increase investment to expand network capacity, yet this does not help them share in value-added service revenue because the network has been heavily channelized. This leaves traditional carriers in an awkward position and forces them to manage and operate the network at a fine-grained level and to provide diverse network services. From service monitoring and primary operation through to advanced operation, they can provide management means and customized services for traffic inspection and service operation to improve their service quality. In response to this situation and these requirements, the paper studies technologies for traffic flow monitoring oriented to service recognition from the carriers' point of view. These technologies can uncover user application types and user behavior in depth, reduce the service losses that result from shared access, and raise value-added service income through information push based on network traffic monitoring, playing a pivotal role in the transformation of carriers from channel providers to service providers. Building on service gathering and analysis technology, the paper covers service inspection, traffic control and interruption, shared access detection and Web push technology. The key techniques in implementing these services are studied and solved to meet the needs of various application scenarios and aspects of network monitoring and service. The main features of the work are as follows:

1. In the field of service inspection and monitoring, the paper studies service detection techniques, from port-based and feature-based to user-behavior-based technologies, and service interruption technologies based on TCP and UDP, with particular attention to traffic classification algorithms based on an expert base and on behavior features. For expert-base detection, the paper proposes five feature modes of the expert base and puts forward a new multi-flow detection technology that addresses the difficulty of recognizing some encrypted data. For behavior-feature detection, it presents a new classification technology based on fractal dimension, which uses the self-similarity of P2P application traffic for identification. After a service has been identified, the corresponding flows need to be restricted, interfered with or interrupted. Because control technology in in-line deployment mode is mature and easy to implement, flow control in bypass deployment mode is the key and difficult point of the research, especially for connectionless UDP applications. The paper also suggests 4 methods and concepts for controlling UDP applications, which can cover mainstream UDP service traffic.

2. In the field of Web push services, after analyzing the popular Web push and advertisement push technologies, the paper proposes a new Web push approach, compares the advantages and shortcomings of the 4 main Web push methods, and concludes which scenario each approach fits. Finally, the paper advises that push service management policy be considered at three levels, namely user type, content to push and presentation method, so that Web push is customized and relevant and can better promote business development.

3. Shared access detection is treated as the most important part of the study. After detailed analysis and in-depth study of the popular detection technologies for NATed hosts, the paper proposes 5 new types of detection algorithms: the passive Cookie algorithm, the Inner-IP algorithm, the active Cookie algorithm, the system time algorithm and the MTU algorithm. The algorithms fall into two groups: passive algorithms and active algorithms. The paper analyzes the merits and demerits of these algorithms and points out the limits of their application scenarios. On this basis, it puts forward an integrated model and system built on the features of each algorithm. End users are first classified according to user state; the system then uses passive algorithms to determine the user type and afterwards uses active algorithms to calculate the exact number of NATed hosts. This detection system has good scalability and hierarchy and can easily integrate a new detection algorithm; moreover, it improves detection accuracy and avoids interrupting the experience of normal users.

4. The paper introduces the concept of multi-track separating for the first time and builds a mathematical model of multi-track separating theory to deepen shared access detection technology, so that the related theory and algorithms can be extended to more application areas. It also presents the notion of a constant-step circular track, which can ultimately be reduced to a residue class circular track problem. The paper provides a multi-track separating algorithm based on the bubble principle, which separates tracks in descending order of attribute values by using the variance features of the multiple tracks in turn, rather than applying the traditional method of separating by track interval. The results indicate that this approach is highly accurate and convergent when detecting shared access hosts through the regular change of the IPID, which has the character of a constant-step circular track.

5. In the field of multi-track separating theory, the paper defines a new type of track, called the binary XOR group circular track, and proposes a new separating algorithm for it, in which solving for the element that is XORed with the base track is converted into deciding the eigen bit mode of the track. The algorithm is proved correct in theory and greatly improves operability and efficiency. The results indicate that this approach has high accuracy and tolerance of false reports and needs only a small sample size to achieve the detection goal when detecting shared access hosts through the regular change of DNS, which has the character of an XOR group circular track.
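
The IPID-based host counting described in point 4 of the abstract, as an added example that is not code from the dissertation: a simple greedy nearest-continuation separator (not the paper's bubble-principle algorithm) that splits interleaved 16-bit IPID counters seen behind one public address into tracks. The function names, the `max_gap` and `min_len` thresholds and the sample values are assumptions constructed for illustration.

```python
MOD = 1 << 16  # the IPv4 Identification field is 16 bits, so each counter is circular


def forward_gap(prev, cur):
    """Forward distance from prev to cur around the 16-bit circle (handles wrap)."""
    return (cur - prev) % MOD


def separate_tracks(ipids, max_gap=64, min_len=3):
    """Split a time-ordered list of observed IPID values into per-host tracks.

    Assumes each host behind the NAT uses one incrementing IPID counter with a
    small step. Each value joins the track it continues most closely; a value
    that continues no track opens a new one. Tracks shorter than min_len are
    treated as noise (stray or randomized IPIDs) and dropped.
    """
    tracks = []
    for value in ipids:
        best, best_gap = None, None
        for track in tracks:
            gap = forward_gap(track[-1], value)
            if 0 < gap <= max_gap and (best_gap is None or gap < best_gap):
                best, best_gap = track, gap
        if best is None:
            tracks.append([value])
        else:
            best.append(value)
    return [t for t in tracks if len(t) >= min_len]


def estimate_host_count(ipids, **kwargs):
    """Number of hosts sharing the access line = number of surviving tracks."""
    return len(separate_tracks(ipids, **kwargs))


# Constructed sample: three interleaved hosts (one wrapping past 65535, one
# stepping by 2) plus a single stray packet with IPID 47000.
SAMPLE = [100, 65533, 30000, 101, 65534, 30002, 47000, 102,
          65535, 103, 30004, 0, 104, 1, 30006]

if __name__ == "__main__":
    for track in separate_tracks(SAMPLE):
        print(track)
    print("estimated hosts:", estimate_host_count(SAMPLE))
```

The estimate only holds where hosts expose a shared incrementing counter; stacks that randomize the IPID or keep per-destination counters produce short tracks that the `min_len` filter discards.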
Keywords/Search Tags: service recognition, service detection, behavior identification, traffic control, shared access, multi-track separating, Web push