摘要
P2P(Peer-to-Peer)系统在文件共享、协同计算、流媒体等领域获得了广泛应用。随着P2P技术的发展,越来越多的P2P应用对数据进行加密传输,加大了对其流量的识别难度。通过对MSE(Message Stream Encryption)协议特征的分析,提出了还原MSE协议消息流,实现BT(BitTorrent)加密流量识别的方法。修改了开源BT客户端Vuze,利用其收集的真实BT流量信息来检验本方法,结果表明该方法与现有的DPI(deep packet inspection)技术结合,对网络中BT流量进行识别,具有较高的召回率和准确率,同时保持了较低的误报率。
Peer-to-peer systems have been widely used in file sharing,cooperative computing and video streaming.With the development of P2P technique,more and more P2P applications use encrypted data transmission,which makes it more difficult to identify P2P traffic.In this paper,we analyze the features of BitTorrent encryption protocol,message stream encryption protocol,and propose an identification method of BT encrypted traffic based on the resembling of MSE message stream.We modify the source code of an open source BT client,Vuze,to generate the real BT traffic and enable it to report the information of BT traffic.With this information,this paper evaluate our method combined with deep packet inspection.The results indicate that our method can get high recall and precision rate,and keep a low false positive rate.
出处
《计算机与数字工程》
2010年第11期110-113,131,共5页
Computer & Digital Engineering
基金
江苏省自然科学基金项目(编号:BK2009589)
江苏省高校自然科学研究计划项目(编号:09KJD520009
08KJB520011)
国家级大学生创新性实验计划项目(编号:57315917)资助
关键词
对等网络
消息流加密
流量识别
peer-to-peer
message stream encryption
traffic identification