Research On Application Protocol Identification Based On Deep Packet Inspection

With the rapid development of the Internet industry,more and more complex network structure,the network has been integrated into our learning,work,entertainment,and many aspects of life.Traditional port detection is based on the network identification technology,which exploits both the 5 tuple information on the network data flow to monitor the situation,and the port number to identify some of the application layer protocol type.However,the Internet has a large number of custom port number of the new application protocol with the development of network technology,no longer just the traditional HTTP,Email,FTP,SNMP and other protocols,especially dynamic port technology and HTTP channels and other camouflage technology Development.The traditional identification and accuracy of network identification technology based on port detection cannot meet the needs of the current network environment.In order to monitor and manage the increasingly complex network environment,the network data traffic,business use of more granular analysis and management.We study the application layer protocol identification based on deep packet inspection,which contains the following aspects:(1)We investigate the existing main network traffic detection technology,including port identification technology,DPI technology,DFI technology,and in combination with their respective advantages and disadvantages of the comparative analysis;also on the BF algorithm,BM algorithm,KMP algorithm,AC multi-mode Matching algorithm is summarized and summarized.(2)We give the demand and design of the application layer flow identification system based on the deep packet inspection.According to the functional requirements analysis of the system,the whole system is divided into five modules: the packet capture module,the identification module,the communication module,the display module and storage modules.(3)We develop a demo system according to our design,which combines the existing development technology to realize the basic functions of each module.In the packet capture module and local storage,the technology is relatively mature LibPcap technology.For the protocol identification module,we exploit DPI depth packet detection technology and efficient AC multi-mode matching algorithm to achieve application layer protocol matching function.Our system displays that interface implementation is to support cross-platform experience Qt integrated development framework.Finally,we give the test of our system,which can realize the recognition of the application layer protocol and the fine-grained monitoring of the network.At the same time,the system can also recognize the new application layer protocol by adding the characteristics of the protocol.