The Study Of Of Network Traffic Identification Technology Based On Conduct Statistical Properties

Internet traffic is currently filled with a variety of data, including a large proportion of the rise in recent years and the rapid development of peer networks (Peer-to-Peer) applications. Because of this, it is particularly important in network management that to control and management P2P traffic. P2P traffic through the development process which is form the port-based detection, packet content-based inspection to detection based on statistical characteristics. Detection methods of the vast majority remain in the realm of theory, and some of its technical shortcomings. In this paper, different types of P2P applications business with the characteristics of the study, and in-depth analysis of the flow behavior characteristics based on node connectivity and packets discrete and the behavior characteristics of main network traffic of this building detect models.The main work and contributions of the present thesis are as follows:(1)This paper analyzes some of the methods related to P2P traffic detection at present, P2P service is divided into five subclasses according to the type of application, the two major categories. By analyzing the connectivity features to distinguish from other network traffic. Identify the first category by the method of port detection; File sharing P2P applications and streaming class is the second largest category, by analyzing the strength of the packets dispersion to identify.(2)This paper presents a model a parameter builder by Sequence number of the data packets and packet arrival order, to judge packets discrete, to distinguish between P2P file sharing traffic, or streaming class.(3)This paper points out that some non-normal network traffic, such as DOS attacks and malicious behavior scanning also has the characteristics of a large number of connections in a short time to establish. Once the attack and the scan began, the network load pressure will increase. This behavior has similarities with the file sharing and streaming media transmission class of P2P services. Through in-depth analysis of the distribution of nodes, the connection status changes and the connection with the port rules and the length of the packet transmission characteristics of such acts, proposed a multi-dimensional parameter to distinction malicious attacks or scanning behavior between file sharing scanning, streaming P2P business class in the network. And proposed a P2P traffic identification model based on conduct statistical properties. The method model can effectively detect and manage P2P traffic flow, optimize network bandwidth, and to avoid similar attacks and malicious Dos scanning and other security issues.