Research On Protocol Identification Based On Twofold Characteristics

Posted on: 2011-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: Q A Hu
Full Text: PDF
GTID: 2178360305961033
Subject: Computer application technology

Abstract/Summary:
With the development of the Internet, the number of web application services keeps growing. To supervise network traffic effectively, protocol identification must first be used to determine the application type of the traffic, so that well-targeted regulatory measures can then be taken. However, the traditional port-based method of protocol identification is no longer effective, because more and more protocols use dynamic ports or encryption.

The two most commonly used methods of protocol identification are based on DPI and on traffic characteristics, respectively. The former has obvious advantages such as real-time operation and high accuracy, but it cannot identify encrypted protocols. The latter can identify encrypted protocols and unknown traffic, but it has a higher false-identification rate and poor real-time performance.

Based on a study of the existing methods of protocol identification, and combining their advantages, this thesis proposes a method of protocol identification based on twofold characteristics. The method uses twofold characteristics, namely payload characteristics and traffic characteristics, to detect network traffic. This makes online testing feasible, and encrypted protocols and unknown traffic can be identified with a high identification rate and an appropriate accuracy. The thesis also analyzes in depth how to select payload characteristics and traffic characteristics, defines a new syntax format for characteristic rules, and builds protocol classification models using SVM tools.

Finally, a protocol identification system based on twofold characteristics is designed. The results of performance testing show that the new method of protocol identification is effective and feasible.
Keywords/Search Tags:Protocol identification, DPI, Payload, Pattern Matching, SVM