Research On Network Application Identification Techniques Based On Feature Matching

With the deepening development of the Internet, the rapid increase in network speed, gradually expanding the scale of the growing user demand, many new network applications occurred. These new applications have complex structures and changeable network protocol. They have more complex network traffic than traditional applications. These new features have brought many new problems and difficulties for the identification and control of network traffic. Therefore, network application identification technology is very important now.This paper is focused on network application identification technology. To improve the adaptability and efficiency of recognition algorithms for network applications, doing research in the following areas:The traditional recognition system has poor adaptability to new applications and tedious process of matching signature updating. In order to solve the problems, this paper presents a solution, which uses formal description language in the network application identification system. A feature description language is defined to descript the matching signature. The language is also defined by EBNF grammar model. The descriptions of matching signature of network application are managed by unified documents. On this basis, the feature description language parsing algorithm is designed.With the advantages of port match and payload characteristics detection, a recognition algorithm of network applications is proposed, which is based on feature tree. This recognition algorithm, which combines the port number balanced binary tree and payload characteristics automata, can greatly reduce the number of signatures matching during the recognition process. In addition, multi-pattern string matching algorithm is improved. A comparative experiment is designed to verify the efficiency of the algorithm.Finally, based on the key technical programs, a network application identification system is designed and implemented. The system uses the feature description language to manage matching signatures. And the recognition algorithm of network applications based on feature tree is used to identify network application traffic.