Research On Key Technology Of P2P Traffic Inspection Based On Multi-feature Matching

Posted on: 2010-07-04
Degree: Master
Type: Thesis
Country: China
Candidate: K Long
GTID: 2178330332978501
Subject: Communication and Information System
Abstract/Summary:
The rapid progress of P2P technology has led to P2P traffic occupying over 60 percent of available Internet bandwidth, and has also brought network security problems and copyright disputes. Many current P2P applications use new obfuscation techniques to avoid detection, including dynamic port numbers, encrypted payloads and protocol masquerading. This weakens ISPs' ability to administer network traffic and leaves them unable to meet the requirements of fine-grained operation. Accurate and highly efficient inspection of P2P traffic is the essential precondition for, and the key to, network traffic administration.

Based on a related research task of the "New Generation Network with High Trustability" project of the 863 Program for the Eleventh Five-Year Plan in information technology, this dissertation studies the novel features of P2P traffic and the key techniques of P2P traffic inspection, with the purpose of providing more effective technical support for realizing "high-trustability" network services and fine-grained network administration.

The main work is outlined as follows:

The dissertation analyzes the features of P2P applications in terms of network node behaviors and flow-level traffic. Based on a comparative study of four current P2P traffic inspection methods and their deficiencies, it points out that the development direction of P2P traffic inspection is the integration of multiple inspection techniques, and it puts forward an integrated P2P traffic inspection method based on multi-feature matching.

It puts forward a cross-layer P2P traffic inspection method that integrates the PTITB algorithm (P2P Traffic Identification Algorithm based on Transport-layer Behaviors) with deep packet inspection (DPI). The experimental results indicate that the cross-layer inspection method can effectively identify encrypted P2P traffic and P2P traffic with dynamic port numbers, that its inspection efficiency is higher than that of DPI alone, and that it overcomes the application classification limitation of P2P traffic identification based on transport-layer behaviors.

After analyzing the limitations of P2P traffic identification methods based on machine learning, it gives two improvements: an offline training method using semi-supervised clustering learning, and online traffic identification using an improved K-Means algorithm. According to cluster validation, the clustering quality of the improved offline training method is better than that of traditional clustering methods. The improved online identification method can inspect P2P traffic effectively, and its detection rate for new types of network application is higher than that of the K-Means algorithm.

It gives a high-speed traffic inspection scheme based on multi-feature matching using sampling technology, with a detailed design for the key modules of the scheme. Performance analysis and evaluation show that the proposed scheme has high practical value and can be applied to real-time P2P traffic inspection on high-speed links.
Keywords/Search Tags: P2P feature, multi-feature matching, cross-layer inspection, machine learning, semi-supervised offline training, high speed inspection