
Deep Packet Inspection Technology Research On Specific Network Flow

Posted on: 2018-07-25
Degree: Master
Type: Thesis
Country: China
Candidate: C Liu
GTID: 2348330542990800
Subject: Computer Science and Technology

Abstract/Summary:
Over the past few years, with the rapid development of networks, the Internet has come into ever wider use. Networks provide users with convenient services but also expose them to potential dangers such as user information leakage and man-in-the-middle attacks. Deep packet inspection (DPI) technology can examine the contents of a packet payload to identify illegal content, but it cannot inspect a payload that is encrypted. Running deep packet inspection on the payload of encrypted traffic is meaningless and reduces overall detection efficiency. Therefore, it is necessary to identify and separate out the encrypted traffic from the network traffic, and then perform deep packet inspection on the unencrypted traffic. This thesis deals with two aspects: the identification of encrypted traffic, and deep packet inspection of unencrypted traffic.

The first aspect is the identification of encrypted traffic. By analyzing the existing traffic identification technologies and weighing their advantages and disadvantages, the thesis concludes that the recognition model based on DPI has the highest recognition rate. Encrypted traffic that carries plaintext data in the interactive phase can be identified by DPI, but DPI cannot be used where no plaintext data can be obtained or where a private protocol is used. Therefore, based on the randomness of encrypted traffic, the information entropy technique is applied to the encrypted traffic identification model. At the same time, the threshold value is adjusted dynamically using the PID control principle, and an encrypted traffic identification system combining DPI and information entropy is proposed. Experimental results showed that the proposed encrypted traffic identification model has a higher recognition rate than the existing encrypted traffic identification model.

The second aspect is the deep packet inspection of unencrypted traffic. This thesis analyzed the regular expression matching algorithm used in the deep packet inspection system. Most of the existing optimization algorithms trade time for space, whereas the filtering form of the matching model does not increase the time complexity. Therefore, this thesis optimizes regular expression matching in the form of filtering. The existing filtering method is simple, and its filtering process uses the traditional DFA, which performs one state transition for each input character of the data to be matched; each state transition requires a memory access, which is time-consuming. This thesis proposed a regular expression matching model based on grouping and previewing. In the preview phase, a step-based finite automaton matching algorithm is used to perform one state transition over multiple input characters. The matching algorithm increases matching speed and reduces the memory space of the transition table, and it also matches complex regular expressions well. Experiments show that, after high-speed matching in the pre-inspection model, the amount of data that enters the verification module is significantly reduced, so that the overall matching performance is further improved.
Keywords/Search Tags: encrypted traffic identification, DPI, information entropy, threshold adjustment, regular expression matching algorithm
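
The two-stage identification described in the first aspect of the abstract can be sketched as follows. This is an added example, not code from the thesis. The SSH and TLS markers, `MIN_BYTES`, the fixed `THRESHOLD` (the thesis adjusts its threshold with PID control, whose details the abstract does not give) and all function names are assumptions.

```python
import hashlib
import math
from collections import Counter

MIN_BYTES = 512   # assumed: below this, byte entropy is too noisy to judge
THRESHOLD = 7.0   # assumed fixed cut-off in bits/byte (the thesis tunes it with PID)

def dpi_match(payload: bytes):
    """Stage 1: plaintext markers sent before encryption starts (assumed examples)."""
    if payload.startswith(b"SSH-"):                      # SSH identification string
        return "ssh"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[2] <= 0x04:                      # TLS handshake record header
        return "tls"
    return None

def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

def classify(payload: bytes):
    """Return (verdict, reason); only 'plaintext' flows go on to regex-based DPI."""
    proto = dpi_match(payload)
    if proto:
        return ("encrypted", "dpi:" + proto)
    if len(payload) < MIN_BYTES:
        return ("undecided", "too-short")
    if shannon_entropy(payload) >= THRESHOLD:
        return ("encrypted", "entropy")
    return ("plaintext", "entropy")

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "ssh_banner": b"SSH-2.0-OpenSSH_8.9\r\n",
    "tls_hello": bytes([0x16, 0x03, 0x01, 0x00, 0x05]) + b"hello",
    "http": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 20,
    # SHA-256 output as a deterministic stand-in for ciphertext of an unknown protocol
    "opaque": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64)),
    "short": b"\x00\x01",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(data), round(shannon_entropy(data), 2))
```

Compressed payloads also produce near-uniform byte distributions, so an entropy verdict in this sketch means "opaque to content inspection" rather than proof of encryption.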