| With the rapid development of Internet technology, new applications and services continue to emerge, and application layer protocols come out one after another. It brings great convenience to people, but at the same time, security issues also become increasingly serious. Various new applications and unknown network protocols make network more complex, diverse and difficult to manage. For example:P2P, video streaming and other applications occupy a lot of bandwidth, which result in the depletion of network resources; a variety of network malicious attacks (Botnet, Worms, Viruses, etc.) are even more harmful to the network services and information security.Therefore, on the one hand, we need to be able to identify and control the Internet network traffic quickly in real time and make more efficient use of network bandwidth and resources; on the other hand, we need to quickly recognize and remove the illegal and malicious traffic from normal traffic. This will provide a positive significance to network purification, social harmony and country stability. Quick identification of application layer protocols is not only the right way to solve these problems, but also key issue and hot topic of network and information security technologies.This paper gives a comprehensive overview of identification of application layer protocols firstly, compares several identification methods and summarizes their advantages and drawbacks. The feasibility of protocol identification technology based on the payload is also analyzed in the paper. Then, the identification technology based on accurate matching technology is addressed, it use a combination method of protocol analysis and string matching to analyze network data packets. By comparing four kinds of classical multi-pattern algorithms, the SRS algorithm is selected as exact matching algorithm in our system. For protocols with more complex features, DFA regular expression matching engine is used to indentify the data stream. Based on the research results, this paper provides a bitmask-based approach, and design and implement an application layer protocol identification system QC(Quick Classifier) which integrates the accurate matching and the the regular expression matching method. This can reduce the matching times effectively. Finally, experiments and evaluations of the QC system are given. The experimental results show that QC system have more accuracy and efficiency than L7-filter. |
PDF Full Text Request