| The application of P2P increases in recent years. P2P technology can provide fast and efficient file sharing, high availability of low-cost computational resources and storage resource sharing, a strong network connectivity and flexible information communication capability. P2P technology has been widely used in various areas. According to statistics, P2P application accounts for 60% to 80% in ISP business. The network security, manageability, and availability of traditional application are challenged with the increasing importance of Internet and the more and more complex network configuration. People are more clearly aware of the need of intensive understanding and analysis on P2P network activity and traffic in order to provide technical support for P2P monitoring and management.Currently, the two main methods of P2P identification are DPI(deep packet inspection) and transport layer identification. However, both methods have their own shortcomings: the former fails to identify DPI with the rapid development of P2P and the emergence of fuzzy protocol, encryption protocol, etc. More and more P2P application has increased the later period maintenance costs of DPI technology and lead to the payload characteristics become bigger and bigger too. And DPI detection is of great complexity. The latter is weak in the classification of P2P application and subject to many restrictions in improving the accuracy of detection. What's more, it is difficult to achieve real-time and it occupies a high cache space. Now many studies try to combine the two technologies in order to make their advantages complementary, but make the shortcomings of each other superimpose at the same time.This paper analysis transport layer characteristics, such as connectivity, protocol and the node role characteristics according to the relationship of the port and IP number to sum up the distribution between P2P flow and non-P2P flow. This paper proposes a hypothetical P2P flow heuristic identification method by the distribution characteristics and the idea based on transport layer identification. This method is mainly to identify high probability of P2P flow, and it can reduce the large number of non-P2P flow which needs to be detected. Accordingly, this paper designed and implemented a system: deep packet inspection combine flow detection to identify P2P flow which is based on heuristic Identification. This system has DPI recognition accuracy and flow detection scalability. It reduces the data of DPI detection and flow detection cache through heuristic identification, thus reducing time and space complexity caused by the combination of DPI and flow detection. |
PDF Full Text Request