| Resource sharing technology of P2P network promotes the rapid growth of P2P traffic. P2Phas been applied to various fields of Internet services, including file sharing, streaming media,distributed computing, gaming and entertainment. According to statistics, P2P traffic occupiesmost of the bandwidth, and even causes network congestion. Malicious traffic generated byunlawful node exacerbates the bandwidth consumption and even produces attacks of denialservice because of its universality and concealment. So the accurate and efficient identificationof P2P traffic becomes a key issue of monitoring and controlling P2P traffic, which also has animportant meaning for protecting Internet security.In this paper, several P2P traffic identification methods are analyzed. For example, portidentification method identifies P2P traffic by verifying the port number. Deep packetidentification method identifies P2P traffic based on the matched load characteristics. Behavioralfeature recognition method identifies P2P traffic application based on the traffic features.Machine learning and probability statistics identification method get a classifier based onstatistical samples to achieve the purpose of precise identification. On the basis of theabove-described identification method, we study the behavioral feature recognition method, andpropose two features of the traffic behavior to enhance the accuracy of identification. Throughthe analysis of the probability statistics recognition method, we proposed and implementedhandling large data sets stand-alone environment solutions to problems in the cloud computingenvironment. The main work is as follows:(1) The current P2P softwares use dynamic ports and load encryption technology widely. Itmakes peer-to-peer network traffic identification limited which is based on the transport layerport and deep packet inspection (DPI) technology Through the P2P traffic analysis found twocharacteristics P2P node has double characteristics: firstly P2P nodes can upload and alsodownload the data, which means the nodes have duality, secondly the variance ratio of forwardand reverse flow package of time interval fluctuates within a certain range. Thus proposednode-based and flow behavior characteristics of P2P traffic identification method, and appliednetwork traffic monitoring. The results show that this method can be objectively identify newapplications and encrypted traffic, the flow identification rate was93%, the byte identificationrate was95.5%.(2) Due to memory limitations, P2P traffic identification can only deal with small-scale datasets in a stand-alone environment. And all the attribute characteristics used in the P2P trafficidentification based on Bayesian classification are artificial sele cted. Therefore, the recognitionrate is both restricted and lack of objectivity. Based on the above analysis, a Naive Bayesianclassification algorithm is proposed in the cloud computing environment,and then an attribute reduction algorithm is improved to adapt to the cloud computing environment. Finally, bothabove algorithms are combined to achieve fine-grained encrypted P2P traffic identification. Theexperimental results show that this method can efficiently process large data sets of networktraffic, and the recognition rate of P2P flow is high, and the results is objective at the same time. |
PDF Full Text Request