Research On The Key Technologies Of Service Identification In IP Networks

The network traffic has advanced enormously over the last couple of years. This was due to the increase in network access speeds and the enormous growth in the number of connected users. These changes greatly affected the work of network administrators and Internet Service Providers, which want to identify different network services and control the bad ones. To achieve that we must identify different network traffic effectively.This work tries to identify different network services to control illegal traffic and P2P traffic. The research point is focused on NAT detecting and P2P traffic identification. The main contribution of this paper is as follows:(1)The Network Address Translation (NAT) technique resolved the IPv4 address shortage problem effectively. Meanwhile, it brings issues to network management. Unauthorized NAT devices may be a significant security problem. Attackers may conduct malicious activities by using computers hidden behind unauthorized NAT. The remote NAT detect algorithm is proposed based on support vector machine method. Different from previous researches, it dose not depend on any special field in any packet. The network traffic is represented by 8 features and filtered by activity value which is calculated by the proposed function. Then, the support vector machine method is applied to analyze the feature vectors and tell which ones are from hosts behind NAT. The implementation shows that the accuracy and specificity of the algorithm is much higher when there are more hosts behind the NAT device. (2) Unauthorized network address translation devices may be a significant security problem. It provides unrestricted access to any number of hosts connecting to it. Some attackers may use computers hidden behind NAT devices to conduct malicious activities such as denial of service. An algorithm is proposed to detect hosts hidden behind NAT. Different from previous researches, the algorithm does not depend on any special field in any packet header. It is based on analyzing traffic features with directed acyclic graph support vector machine (DAGSVM). Traffic models of hosts can be selected from training samples with DAGSVM. Then the models and classifier are used for predicting host number of unknown traces. What revealed by the present experiment includes that the proposed algorithm is effective, even when there are more hosts in the test set than it is in the training set, and the accuracy will fall when there are more unknown hosts in the test traces.(3) The self-similarity of Peer-to-peer (P2P) traffic is studied based on fractal method. Different from former researches, this paper focuses on the traffic of single protocol other than the macroscopic network traffic. Two popular P2P applications are tested and their application layer traffic tends to be self-similar. The self-similarity is more stable under behavior scale than under time scale in the experiment. Then the self-similarity of the P2P traffic is applied to P2P traffic identification. A novel traffic identification algorithm is proposed based on the fractal dimension and positivity of the network traffic. The experiment results show that the proposed algorithm performs better than existing algorithms in terms of accuracy, especially for encrypted traffic.(4) A service identification system is proposed in this paper based on current technologies and works proposed above. We solved the problem of identifying NAT device and P2Ptraffic by transfer information between the algorithms. The system is composed by three parts, the online device, the offline device and the warning server. The online device is responsible for online analyze, identify NAT traffic and other protocols by application signature and other fast algorithms. The offline device is responsible for offline analyze, make further analyze of NAT hosts counting and P2P traffic identification. In this way, the application traffic can be identified effectively and maintain the control power of the network.