P2P (Peer-to-Peer) technology has been widely accepted by people with the advantages of scalability and robustness since the emergence of it. The differences between P2P network service and the traditional client-server architecture is that P2P offers the network members with direct information service and data interchange with each other. Today, due to the increasing popularity of P2P applications, P2P applications have grown to represent a large proportion of Internet traffic. According to statistics, in 2010, P2P traffic accounted for 70 percentage of Internet traffic in China which became one of two major growth poles. Among the P2P file-sharing protocols, BitTorrent (BT) protocol is one of the most popular. Against the background, many P2P applications are bandwidth-sensitive and take up the bandwidth of other network services. Furthermore, because of the distribute architecture and difficulty in identifying of P2P, we could not control the spread of illegal information.Therefore, accurate identification and management of P2P traffic has gained great attentions, and accurately identification of applications used BitTorrent Protocol makes great sense for identifying the whole P2P traffic.There are many researches about identification of peer-to-peer traffic and the most popular are deep-packet-inspection-based methods which are analyzed and summarized in this thesis. Then we propose a novel method called Peer-Cache based on peer-information to identify encrypted traffic of BitTorrent protocol. Before the BT clients begin to download data officially, they would negotiate with the Tracker or other peers at first. Through analyzing the BT negotiation traffic, the Peer-Cache method can get the candidate peer information, then the BT file-sharing traffic related with these peers can be accurately identified and controlled even it is encrypted.This thesis decomposes the Peer-Cache into six models:network data management module, network connection record module, parsing module, update Peer-Cache list module, retrieval Peer-Cache list module and statistical module, and then implements the whole Peer-Cache method. Meanwhile, the evaluation is given in this thesis. Our experiment results show that the peer-cache method can identify BitTorrent traffic very accurately.Finally, we conclude this thesis by giving our contributions and discussing the future work. |