The Research Of Flow Identification System Based On DPI

With the diversification of network applications, various kinds of network traffics are increasingly complex and diversification. It is also accompanied by a variety of network security incidents and lots of frequent violence, reactionary, pornographic and other undesirable information filled with the internet, the monitoring of the network traffic becomes an important issue. The traffic identification technology plays an increasingly important role in network monitor, which becomes a necessary supplement to static security devices like internet connection firewall.First of all, aiming at the practical application of the above problems, the mainstream recognition technology is investigated, including port identification, DPI identification and DFI identification. The advantages and disadvantages of each identification technology are made a detailed explanation, and the common technical problems for the system is analyzed. Issue requirement for the system is presented, then framework of system combined with software and hardware architecture and a variety of protocol identification scheme are proposed. Combination of DPI and DFI recognition technology is achieved, and this design and combination is elaborated in detail. Core module of System is implemented, including management module, forwarding module and identification module. The engine core part of the system is detailed designed, identify ways of hardware and software and the flow chart of engine design are given. In the engine core matching algorithm selection, three mainstream matching algorithms(i.e. KMP, BM and AC) is implemented with C++ language, then running time for three algorithms with matching efficiency are compared.Secondly, pattern string knowledge base and data packet acquisition which related to the system operation rate are explained. Knowledge base expressions of software and hardware part identification recognition part for the pattern string knowledge base were designed respectively. In addition, the data packet acquisition with relatively mature libcap technology is considered.Finally, Environment of the system is built up, and function and performance of the system is completely tested. According to the experimental results,the stability and reliability is analyzed. At the end of the work, the shortage of the work and the prospects of the traffic identification technology are summarized.