With the extensive application of multimedia and p2p businesses in network, technologies on network traffic identifiaction and control emerge to be a major issue for discussion in network traffic management area. By means of traffic identification and packet classification, network traffic identification technology necessarily premises the network traffic control, which is an important way to ensure that key network flow can run smoothly in network. Therefore, this paper focuses on how to identify different network traffic, and flexibly extend identification function on the basis of various application demands so as to meet diversified identification requirements.Different technologies of network traffic identification and packet classification algorithms have been discussed in this dissertation based on domestic and overseas study in this area. These technologies have been applied in typical network traffic identification system. In this paper, a scalable traffic identification model-STI, as well as the prototype system based on the model, is designed and realized, which uses port mapping, traffic character configuration and kernel module plug-in etc. to extend the identification capability of the system flexibly. The main efforts done in this dissertation are as follows:1. On the basis of analysis and study of the current network traffic idenfication methods, traffic identification technologies on different layers have been summarized. In this dissertation, two kinds of typical P2P traffics have been discussed focusing on deep content inspection technologies based on the application layer character signatures. This paper analyzes the traffic character signatures of the p2p traffics, and provides the proposition of corresponding identification methods.2. Typical packet classification algorithms have been studied in this dissertation. According to traffic identification requirement, this study chooses the definite packet classification algorithm used in the above-mentioned STI, which takes the advantage of ABV algorithm in managing the large-scale ruleset, extends the function of dynamic update of the rule-set, and thus can adapt itself to various traffics' high-frequent dynamic change in the environment of network traffic identification.3. Under the NetFilter framework, a prototype system of network traffic identification has been designed and implemented, which on basis of ABV algorithm identifies several typical network application traffic by means of port identification and application layer character identification, and also extends the system's identification capability by means of expanding identification module plug-in, modifying the tables of traffic character configuration and port mapping. The experiment results show the efficiency and correctness of this model. |