The Research And Implementation Of Network Application Identifcation System

In recent years, great changes have occurred in the Internet, and a variety of new network applications start to emerge. And the identification of the specific network applications running in the network is the premise of network management, maintenance, security management. The application of deep packet inspection (DPI, deep packet inspection) which is most widely used, and the DPI using signatures matching algorithms from the original characteristics of single pattern string matching algorithm, to multi-pattern matching algorithm to meet the requirements of the current high-speed network nowadays. The main network equipment manufacturers have developed their application identification system products based on DPI technology, like 3Com TippingPoint x505, Cisco network security devices use network application identification based on regular expressions. The main feature of the DPI is through the network packet pay load and known application signatures to judge the result of identification.This thesis focuses on the multi-pattern matching algorithm, and the AC(Aho-Corsick) multi-pattern matching algorithm is used most widely.After analysising the advantages and disadvantages of various pattern recognition algorithm analysis, AC multi-pattern matching algorithm is proposed, and the algorithms' perfermances are tested correspondingly.With shortcomings of deterministic finite state automation (DFA, deterministic finite automation), the compression storage of the state transfer array is studied.In a sense,AC algorithm is a special kind of DFA automata, and the corresponding algorithm is improved to ease the consumption of a large amount of memory, and improve the efficiency and performance of the algorithm. The design of multi-pattern matching engine based on network application identification is implemented through the improved AC algorithm. Finally, a prototype system of network application identification named AppID is designed and developed through the improved algorithm, and the corresponding functional tests are introduced.