Research Of P2P File-Sharing Encrypted Traffic Identification Technology Based On Statistical Behavior

There are some advantages of P2P (Peer-to-Peer) network over traditional Client/Server distributed network, such as no-centric, scalable, robust and load balancing. So, P2P network is widely employed in field of military, commercial, government and communication. But when people enjoy the convenience of P2P file-sharing, it has brought rise of many new issues for society, such as network bandwidth exhausting, intellectual property and malicious Trojan horse virus attacks and so on. Therefore, we need to effectively and reasonably monitor P2P file-sharing traffic for ensuring availableness of the network. However, with the increasing of user's security awareness, various data encrypted technologies have been widely employed in P2P file-sharing system, which bring a big challenge.This paper does deep-going research into current main technologies which are available to P2P encrypted traffic identification. In order to efficient identify three main P2P file-sharing encrypted traffic (BitTorrent, eDonkey and Xunlei), a behavior-based encrypted traffic identification was proposed. Two key parts of this paper include:Firstly, extraction of statistical behavioral characters was proposed. Through theoretical analysis and experimental verification, an efficient identification scheme which can efficiently identify three P2P file-sharing encrypted traffic only by extracting the two characters including direction and size of three front data packages of TCP traffic was proposed. Then, we verify further about the minimal data packages which used to extract characters when identify every target traffic efficiently.Secondly, this paper focuses on choice of machine learning algorithms. By the comparative analysis and experimental verification of identification efficiency of several machine learning algorithms in current P2P traffic classification field, we found the high efficient identification of C4.5 decision tree classification algorithm by little time, which is suit to realize the goal of this paper.Finally, we make local optimization of classification model. By online classification experiments, the result shows that the classification algorithm is suit for efficient classification to P2P file-sharing encrypted traffic in high bandwidth. Then, the factors which affect the correctness degree of classification were analyzed.