Design And Implementation Of Network Traffic Identification And Control System Based On DPI

With the rapid development of the Internet and broadband technology, Internet applications continue unabated. Intelligent terminals (such as smart phones, tablet computers) and rich Internet applications speed up the development of the mobile internet. Mobile internet business (like social networking applications, shopping applications, video applications, mobile games, location service applications), is widely used in life, so that a large number of intelligent terminals access the Internet. The network traffic of the Internet keeps growing at a high speed, and it has huge impact on the existing network quality of service. Operators need to control the growing multimedia traffic which occupies bandwidth easily, reduce network congestion, and improve the user experience. For enterprises, with more and more of network applications and intelligent terminals which are widely applied to the business office environment, the enterprise information security risk is becoming more and more serious. Especially in recent years, attacks aiming at the application layer are growing, and traditional detection methods based on IP and port have been very difficult to identify attack traffic. Therefore, how to achieve effective monitoring of abnormal attack traffic becomes a serious problem that needs to be solved under premise of guaranteeing the normal operation of a company’s business, when enterprises monitor network traffic.In this paper, the existing network traffic monitoring technologies based on the application layer are studied and analyzed. There are some problems in the existing traffic monitoring system, for example, low efficiency of application identification, characteristic description of application and matching algorithm which do not adapt to the complex network applications. In accordance with these problems, a new network traffic identification and control system based on Deep Packet Inspection (DPI) is designed. Different from traditional identification methods based on IP and port, system designed in this paper detects the application layer and implements access control policy. In order to meet the security needs of the user specific business, the system monitors and controls network traffic of the related network application.The main work of this paper can be summarized as follows:1. Architecture of the traffic identification and control system based on DPI is designed in this paper. Architecture of the system includes network data preprocessing module, traffic identification module, traffic control module, database module, characteristic library analysis module, front module and so on. Then, functions of the modules are expounded respectively.2. According to features of different applications, application characteristics are located from the aspects of single packet and multiple packets. A new characteristic library structure is designed using plain string and regular expression to describe characteristics of application layer, and the efficiency of application identification and pattern matching is improved.3. According to the distribution of actual protocol traffic in the network, this paper proposes a Deterministic Finite Automata (DFA) grouping algorithm based on regular expressions. This DFA grouping algorithm makes protocol grouping accurate and improves the efficiency of matching.4. The process of system realizing is discussed. The network traffic identification and control system based on DPI is tested, and the system performance is analysed from the aspects of throughput, the number of supported protocols and robustness.