| The utilization of the P2P application program has been made a great development in recent years. The populous P2P application in networks including the traffic produced by file sharing, immediate communication, coordinate calculation and network games have surpassed HTTP and FTP and held the half of the traffic of whole Internet more, and so it had brought a large load in networks. Because of the popularization of this application and a higher requirement for the network bandwidth, it has made an obvious effect to the other applications; and because of the variety and complexity of the P2P protocol, it has made a great difficulty to count and control that traffic. Only when the P2P traffic is identified well in the networks can it make the flow control, flow management and other works. It means that the study of identification technology for P2P taffic has become more and more important. Along with the appearance of new developed and improved P2P program continuously, the original identification technology cannot meet demands and it requires studying a new identification method for meeting demands.First, it has summarized the two features of BT flow for designing the identification engine later by analyzing and studying the network traffic of a representative P2P system—BitTorrent in the aspects of the flag bit of transport layer, the size of packet, TCP hand-shaking time and the distribution of packet size.And then, it has suggested an identification method for the P2P traffic in the process of client by studying the relativity between the process of host and network traffic. By checking the process running in the hosts, it can identify the traffic produced in the P2P process automatically in order that the client host has ability to identify the P2P traffic produced by themselves.On the base of the earlier research, it has designed an identification system of P2P traffic with varieties of identification engines. The system is formed with five functional modules. The function of identification modules in the client is to download the P2P process list from the server by the client program that will be made comparison with the process running in client host. If it had identified the P2P characteristic process, it will report the flow information of that process and external hosts to the system for finishing the identification of the P2P traffic produced by client.Comparing with the traditional P2P identification system, the new system suggested here has the following features and advantages:It can settle the problem of identification failure for the port hopping and data encryption caused by the traditional method effectively by introducing the identification based on process in the client hosts; it can reduce the load of server effectively and improve their identification efficiency with the combinations of one-point identification and multiple-point identification and combinations of various identification methods; it can improve the ability of extending and renewing identification systems by introducing the management systems of identification engines; it can ensure the communication safety between the identification modules in client and systems by introducing the mechanism of TLS safe communications.The whole system can not only identify the P2P traffic in different levels with the combinations of various identification methods, but also improve the efficiency and accuracy of identifying P2P traffic in LAN to a great extent comparing with the traditional identification methods of P2P traffic. |
PDF Full Text Request