P2P Traffic Identification Technology Based On Characteristic Process And Data Mining

With the development of P2P(Peer-to-Peer), it spreads rapidly in the Internet. P2P has become the most important component in the network, because of its advantages of sharing files, searching resources, distributed computation and so on. When P2P technology plays a great part in promoting Internet, however it has brought huge loss into the network bandwidth and even caused network congestion, which resulted in the reducing of the performance of other non-P2P technology and produced hidden danger for network security. Therefore, it's a significant problem for network operator to monitor and manage P2P traffic and network behaviors effectively. It is a key technology to manage the network traffic that network traffic from P2P applications is identified first.In this paper, we do researches on some familiar P2P traffic identification technology and analyze the principles and characteristics. One technology is based on port, but P2P applications could avoid being detected via dynamic ports and ports in disguise long ago. P2P traffic identification based on payload information can classify P2P applications with matching the payload of packets, but it is very difficult to detect cryptographic traffic. The technology based on characterization of flows can detect flows according to the different traffic characteristics between P2P and other network protocols, which identifies the encrypted traffic easily , need not analyze the contents of packets and restore the network protocol. But it needs a lot of off-line analysis, Consequently, it is required to find a way of P2P traffic identification, which is accurate and high-efficient.In this paper, we also introduce data mining technology applied to P2P traffic identification, use simple network flow collection tools and machine learning platform to simulate some common clustering algorithms, and analyze the performance of each algorithm. On that basis, one modified P2P traffic identification system is proposed, which consists of two modules, clients and server.(1) The clients are mainly in charge of traffic identification. They carry out real-time detection on P2P traffic in the network via combining two ways of identification technology, characteristic process and data mining. The identification based on characteristic process is used to detect P2P process of the operating system, which is high-accurate. And unsupervised machine learning methodology of data mining is used for unknown P2P traffic identification, which has high efficiency. (2) The server is responsible for receiving P2P identification message, updating and managing P2P process libraries of the network.