Research Of Application Layer Protocol Identification Technology Based On Multi-core NPU

With the development of network technology, various kinds of network applications are increasing rapidly-which result in a more and more complex network and bring a big challenge to situational awareness and traffic analysis. On the other hand, the increasing bandwidth expects high-performance safety equipment for fast stream processing. In this paper, we launch numerous studies on protocol identification technology, based on the popular application layer protocols. We design and implement an application layer protocol identification system based on a multi-core NPU platform.In this paper, the designed protocol identification system is based on the multi-core NPU platform, XLP432. Due to the inherent multithread, quick access of interface to the content and low power consumption, multi-core NPU is widely used in the network packet processing applications, such as router, firewall, and balancer, and so onProtocol identification is the basic technology of traffic analysis, firewall and intrusion detection system. The protocol identification system includes two modules: stream management and protocol identification. Stream management creates sessions to manage the associated packets based on the extracted 5-tupe. Based on the port and protocol characteristics, the package is matched with specific rules, and the matching result is returned to stream management for further processing.Stream management is responsible for stream creation, forwarding, discarding and deletion. Protocol identification module is the core of this system. The key components are the form of the features for protocol rules and the selection of the algorithms of pattern matching. Based on the two standards, we denied the scheme with XML signatures and AC matching algorithm, and choose a scheme of regular expression matching with an optimized library of L7-filter.The innovation is that based on the previous work of Michela Becchi,we optimized the compiling process. First, we proposed a multi-thread parallel strategy to reduce time-cost in the compiling process, and it was effective. Secondly, the function of tail anchor is added and the accuracy is proved, so that the Regular Expression Matching Engine can deal with tail anchor.Based on the above design, this paper implements a protocol identification system for the application layer traffic, and all aspects of the system were tested and evaluated. The results show that the system can meet the requirement of fast protocol identification.