| With the rapid development of Internet, network applications and the architecture of the network has also undergone profound changes. To design, control and manage the network successfully, effectively, we must understand and grasp characteristics of the network very well, and one of the direct and effective method is to analyze the behavior of the network traffic. The analysis of traffic's behavior is based on analysis of network traffic data collected by the state of network to rationalize the network load, predict potential problems or to make future network planning guidance.By the means of analyzing network traffic's behavior This paper focused on the P2P traffic and the call traffic when phone segments and public service phones suffer from DoS(Denial of Service) attack from Internet under the softswitch platform, and applied to the identification of P2P traffic and the detection of DoS attack that phone segments and public service phones suffer from under the softswitch platform.Firstly, the traffic of domestic common P2P application is analyzed, and traffic mining based on the analysis to identify P2P traffic. First analyzed the common P2P application traffic's behavior characteristics of the application layer, and then combined with data mining technology, according to the behavioral characteristics of P2P application traffic flow for manual label of the extracted flow parameters, and finally using C4.5 algorithm to identify P2P traffic. Simulation results show that the P2P identification method that based on the analysis of the traffic's behavior and data mining techniques can identify P2P traffic quite well.Secondly, this paper analyzed the call traffic of the phone segments and public service phones when suffering from DoS(Denial of Service) attack from Internet under the softswitch platform, and then based on anomaly detection of traffic to detect such attacks. First discussed the possibility of phone segments and public service phone suffering from DoS attack that lunched in the Internet, pointing out that the new type DoS attack is likely to occur. Secondly analyzed the DoS attack traffic's characteristics in-depthly, and proposed detection method to detect this new form of attack which is based on detecting anomaly of the call traffic its deployment as a part of on-line detection security system under the softswitch platform. Simulation results show that the method can effectively detect such a DoS attack. |
PDF Full Text Request