Study On P2p Traffic Identification Methods

P2P is a new model of network application, which is characterized by relying on the edge node of the network, rather than centernode to achieve self-organizing and sharing resources. Since the emergence of P2P networking in the late 90s, P2P applications have experienced a pretty rapid development and occupied many network application fields. While P2P is in the rapid development in recent years, it also has brought many new problems for network management, such as much bandwidth occupying and network security.With the rapid development of P2P technology, P2P applications adopt strategies such as using dynamic ports and encrypting payload to escape from traditional traffic identification methods, causing many difficulties for traffic management and analysis. Since most of P2P applications are using dynamic random port numbers, data encryption, the traditional port matching technology has become useless for P2P flow identification. Research on P2P flow identification has become the most important problem of P2P flow management.Traditional P2P traffic identification solution is not accurate and efficient. Aiming at this problem, P2P traffic identification methods based on the behavior characteristics of the transport layer and data mining are to be valued. The P2P traffic identification approach that based on the behavior characteristics of the transport layer is a more accurate method. But this method also has a significant drawback. It is undeveloped, only applies to the post record traffic analysis, and can not be used for real-time traffic identification.In this thesis, we begin with the operating principle of Several kind of solutions in P2P flow identification and analyze their advantages and disadvantages in the identification process. This paper proposes a new method based on neural network model, using back-propagation neural network and P2P traffic characteristics of net flow data packets to fulfill P2P traffic classification. Summarize the overview of the BP neural network technology, select and extract the feature of P2P traffic, establish a model and simulate the model with simulation software. Experimental results show that this method has proper accuracy on P2P traffic identification. Compared with many already existed P2P traffic classification methods, it has higher generalization and stronger self-learning ability in advantage, its performance can meet the actual needs. The method based on BP can identify P2P hosts effectively, and has low false alarm rate. However, this method of identify the results is coarse, can only determine whether the host is a P2P host or not, can not determine which host is running a specific P2P application. Application-level classification of P2P traffic classification in the aspects of traffic analysis and traffic control has great significant. Method based on BP divide the hosts into two categories, and application-level classification of P2P is a multi-class problems. Clearly, the simple threshold model can not effectively distinguish. Based on the research of BP technology, a method to realize the P2P flow classification based on the support vector machine is proposed.By analyzing the differences of the various aspects between the traditional applications and P2P applications, summed up the common of P2P traffic. And from the connection mode and the packet characteristics, this paper generalized into the behavioral characteristics of P2P traffic, combined with excellent support vector machine classification performance and identified different application types of application types of application-level classification of P2P flows. The algorithm used to cycle through the training process was optimized using cross validation and Web search strategy on SVM kernel function parameter selection. Researches had been focused on three kinds of P2P application BT, Emule, PPStream. The experimental results confirm the validity of proposed method, the average precise rate is 95%.The experiment shows this method based on SVM can effectively avoid the instability of P2P traffic distribution change.