| With the continuous development of P2P applications, P2P traffic has occupied 60% ~ 80% of the total Internet flow. The rapid growth in P2P traffic has led to the irrational distribution and huge consumption of network bandwidth. It even causes network congestion when downloading large amounts of data with P2P applications. Thus, the inappropriate use of P2P applications greatly reduces the network performance, depredates the quality of network services, and hinders the normal network operations and the development of critical applications. To accurately identify P2P traffic is of great significance to QoS, traffic monitoring and accounting management. In order to effectively identify P2P applications, it requires the use of a reliable flow identification technology. Meanwhile, in the current high-speed, high-bandwidth network environment, it is the key to conduct traffic classification to use efficient pattern matching algorithm.This thesis focuses on the issues related to P2P traffic identification, and completes the following work.It studies the developments and the current status of the technology of network traffic identification. Through the comparison of the current technologies, it finds that the port-based identification method can identify a limited number of the protocol, and the accuracy rate is not high; emerging measurement-based identification method can not be detailed on the network traffic classification. It also requires to carry out further research to make the method reliable; payload based identification method is currently the most mature technology widely used in a variety of flow identification systems. It can achieve an accurate identification of P2P traffic with this approach.The analysis of P2P protocols is the premise and foundation of the payload based traffic classification. This thesis analyzes the working principle of P2P applications, their network model and key technologies. Through the analysis in implementation mechanisms, interactive process and the message format of BitTorrent, eDonkey, Gnutella, Kazaa, and DirecConnet (the most widely used P2P protocols), this thesis designes the signatures for these protocols. It can efficiently and accurately identify P2P traffic with these signatures and work well in the current high-speed, high-bandwidth network environment.In the process of P2P traffic identification, the pattern matching algorithm plays a key role. This thesis analyzes the design thought and implementation mechanisms of current single-mode string matching algorithms. Based on BM, BHM, and QS algorithms, a new improved algorithm is designed applicable to network traffic to identification. The algorithm performance test demonstrates that the improved algorithm can effectively reduce the number of comparison in the process of match ing and shorten the matching time.P2P traffic identification relies on high-performance and stable development platform. Based on the results from the above research and Netfilter/iptables, the underlying framework in Linux protocol stack, a P2P traffic identification module is developed through the extension of the Linux kernel network services. Test proves that the module can accurately identify P2P traffic.Focusing on the identification of P2P traffic, this thesis studies the technologies involved in network traffic identification; designes the signatures for P2P protocols and an improved pattern matching algorithm for packet inspection. Using the above research results, a P2P traffic identification module is developed based on the Netfilte/iptables framework which can achieve an accurate identification of P2P traffic. |
PDF Full Text Request