A Study On P2P Flow Detection Technology Based On DPI & DFI

Various applications based on P2P technology have been widely adopted, which brings us many conveniences. Meanwhile, it gradually evolves into an'assassin'to the wide-band network, constantly brings on network jams, severely affects the quality of network services, brings out lots of potential safety hazards. Thus, high efficient P2P flow management measures to the relevant network level exit becomes one of the key factors to the maintaining development of the internet.Based on the project of the enterprise-level border gateway, this paper shoots the two problems, Hi-Speed and applying diversification, in current development of the P2P detection technology, and discusses the development course of P2P technology and its detecting technology. By a deeply research and analysis of P2P protocol, it brings forward a P2P flow detection solution based on DPI & DFI, achieves engineering implementation.The paper mainly discusses as follow:It deeply and meticulously analyzed current main-stream P2P protocols, extracted characteristic strings from them. Then aiming at the problem that the current software implementing detection methods cannot be applied in hi-speed wide-band network environment, the paper put forward a detecting algorithm of the P2P flow based on TCAM, and achieved line-rate detection of P2P flow based on in-depth packet detection technology in enterprise-level network environment, by hardware acceleration. The results demonstrated that this algorithm could precisely detect the forgone P2P flows.As to the problem that the in-depth packet detection technology base on TCAM cannot effectively detect new or transmission-encrypted P2P protocols, the paper put forward a weighted P2P flow detecting algorithm base on in-depth flow detection technology, which applies TCP/UDP method , {IP,Port} method, co-current connection number method to separately detect flows, and comprehensively analyzes the results to identify P2P flows. It turns out that the DFI weighted P2P flow detection technology has a better performance in detection rate, false rate and missing rate than every single technology alone, and is capable of detecting the transmission-encrypted P2P flows. As to the problem that there is deficiency when detection technology based on in-depth packet or detection technology based on in-depth flow is applied alone, the paper based on the R&D environment of the project put forward a relatively advanced P2P flow detection solution and achieved engineering implementation, combined two P2P detection algorithms to make up for each other's deficiencies, had been capable of detecting most know, unknown or transmission-encrypted P2P flows, during which a strategy of known flows processed with priority was adopted to guarantee the best quality of the communications. Theoretical analyses and tests reveal that this solution could accomplish line-rate P2P flow detection in GE interface, which completely meets the project's demands. At present, this solution has been successfully applied in the enterprise-level border gateway system.