Research And Implementation Of Non-Default Port Based Network Protocol Identification System

With the rapid development of Internet, the Internet has become the most important component for International commercial cooperation, information exchange and development of new technologies. However, with the increasingly diverse application emerging, it has changed the structure and pattern of network traffic dramatically, making the analysis of Web applications are faced with severe challenges. Therefore, the accuracy of network application analysis will significantly affect the network analysis and prediction results.However, the current research of network application identification technology cannot catch up with the pace of development. First generation network protocol identification technology is usually based on default port number. Because most of applications at that time were strictly complied with the IANA port number allocation, port-based identification technology is not only accurate, but also can meet the needs of real-time application classification. However, with the continuous emergence of new applications, these applications began to show the camouflage and dynamic characteristic of. In addition, these applications will be using self-defined and dynamic ports. Therefore, port-based protocol identification technology becomes powerless.In this thesis, after browsing and studying TCP/IP protocols stack, network protocol identification technology, network traffic management technology and Linux network programming technology, a set of effective non-default port based network protocol identification mechanism is proposed based on the original protocol identification technology. The main research contents are as follows:(1) Introduce and discuss the background of network protocols, development status of network protocol identification tools and significance of non-default port based network protocol identification.(2) Propose effective identification mechanisms for FTP, HTTP, TELNET and SSH, which uses new concepts of initial condition table and extensive condition table.(3) Propose a set of non-default port based network protocols identification framework by integrating the characteristics of several application layer network protocol identification mechanisms.(4) Adapt a highly flexible schedule strategy as the embryonic form of the traffic schedule mechanism, to achieve load balancing, with which it can improved the efficiency and stability of the system.(5) On the basis of above results, design and implement a non-default port based network protocol identification system, which has the characteristics of high identification rate, support of traffic load balancing, protocol identification scheme scalability, broad application prospects and so on.