Study On Key Technology Of IP Network Service Identification

IP network traffic identification is an important premise and basis of network securitymonitoring and network management.With more and more network service carried on IP network,service identification and analysis has increasingly become the focus of research. The traditionalInternet, IPTV, TD/LTE are carried over IP network, however,the services carried on IP Networkare complex and varied,Therefore, how to achieve " service can be identified, network can bemanaged, behavior can be traced back", become a focus of network operator and the nationalgovernment for the network.However, as the rapid emergence of the Internet applications, IP network service identificationhas become a difficult problem. From the early port identification method up to now, more andmore applications and services using dynamic variable port, legitimate port tunnel method to avoidregulation.And then, DPI method can identify some services such as variable port or portcamouflage, but still can not meet the rapid development of application update, applicationencryption…etc,therefore, thus further appeared with machine learning, computational intelligence,fuzzy method based service identification algorithm, but still can not well solve the IP networktraffic identification problems, so how to establish a set of accurate, intelligent, real time IP networktraffic identification mechanism, has become a highly challenging problem, and it has become a hotresearch topic in the field of Internet measurement.According to the IP network traffic identification is facing many problems and difficulties, wedevote to the in-depth study of the existing technology,and put forward a set of fast,accurate,intelligent service recognition method. Then,according to DPI method, we bring forward a methodbased on the DPI and SAT (session Association Technology) integrated service recognitionmethod for identification, such as the QQ. At the same time, according to the technicalcharacteristics of DPI cumbersome maintenance, and it is unable to adapt to the new application,weput forward methods using machine learning to further improve the service identification algorithm,and further put forward the Decision Tree model method to identify service, and the accuracy,performance and other aspects of algorithm is also comprehensively described. According to theresearch target, main contribution and innovation of this thesis are as follows:（1） Multiple engines integrated service identification framework is constructed. By thisframework we can solve some problem through a single identification methods. Andfrom the data acquisition, protocol analysis, service identification, application show,the four level we Hierarchically explain the service identification framework, the model frame can be widely applied to all service identification problem.（2） based on the multiple recognition engines framework, using DPI and SAT sessionassociation technology we put forward a new service identification method, and we usethe QQ application as a case.Then we also discuss the accuracy and performanceassessment of this method in two ways of active call testing and passive acquisition.（3） As for the traditional service identification method can not well adapt to the newcharacteristics of services and complicated maintenance, this thesis mainly studies theidentification method based on machine learning. And various algorithms are comparedby experiments, analysis the influence of network traffic classification performance ofthe main factors: sample size, feature selection, machine learning algorithms andapplication type number. Major label sample set and a small amount of application typenumber makes the network traffic classification more accurate, the decision treealgorithm REPTree and C4.5with high precision and low cost excellent performance.（4） the C4.5decision tree algorithm to business recognition method. Based on C4.5decision tree model for business identification can be based flow attribute statisticalproperty of the network traffic classification. This identification method is moreconcerned about network traffic characteristic, and does not need to parse theapplication layer protocol, has a good scalability. The C4.5algorithm is currentlyknown for business recognition machine learning classification method, theclassification accuracy rate is high, can reach about95%, and the prediction of shortprocess time, in a short period of time to deal with a large number of network traffic.