Network-based Application Recognition And Control System Design

With the continuous development of the computer network and a variety of newapplications continuous emerging, the Internet provides a wealth of services for peopleliving. However, in these network services the QQ and P2P download occupy mostnetwork traffic. When these services bring great conveniences, they also bring somedrawbacks, such as security vulnerabilities, network load and network structureincreasingly complex, which make the monitoring and management of networkapplications becoming increasingly important. And application identification is the basisof network monitoring and management. In order to better monitor and manage network,A network-based application recognition and control systems is designed in this paper.In the design of the system, first with the existing network environment, QQ instantmessaging software’s packets are grabed using the capture software WIRESHARK, andthe grabed packets are analysed based on the TCP/IP protocol specification. And thecontent feature of these packets are obtained. According to the format of SNORT rules,characteristic rules are written. And corresponding codes based on these rules can bewritten in the LINUX platform. The main function of these codes is matching the datapackets to be detected with analyzed rule according to the pattern matching algorithm, andthen inform the kernel the match results. Thus, the kernel data packet processing functionscan do the appropriate action to the data packets based on the results of user mode match.So identification and control functions of specific applications can be implemented. Thesystem is mainly composed of three parts. The first part is sending packets, sending thekernel mode packet to the user mode for detection by the IPS process. The second part isthe detection of data packets. SNORT detection engine will match the pre-defined ruleswith data packets using the pattern matching algorithm, and inform the kernel processingto process the data packets based on the detection results. The third part is the processingof the data packet, the kernel processing function processes the data packet according tothe detection results recorded in the circular queue and the action to the data packet, suchas blocking, the current limiting, etc, and then output the log.Finally, the system is to be tested using QQ software. The experimental results cantest and verify the effect of QQ application recognition and control.