摘要
由于P2P软件普遍采用动态端口以及负载加密技术,使得基于传输层端口和深度包检测技术的对等网流量识别受到限制。通过对P2P流量的分析发现其两种特性:一是P2P节点具有双面性特征,即P2P节点可以同时上传下载数据;二是P2P流量的正向流与反向流包到达时间间隔方差比始终在一定区间内波动。由此提出基于节点及流量行为特征的P2P流量识别方法,并将其应用于网络流量监测。实验表明:该方法可识别新应用及加密流量,具有客观性,其流识别率为93%,字节识别率为95.5%。
The current P2P software uses dynamic ports and load encryption technology widely so that it limits peer-to-peer network traffic identification, which is based on the transport layer port and deep packet inspection (DPI) technology. Through the P2P traffic a- nalysis,it is found that P2P node has double characteristics:firstly, P2P nodes can upload and also download the data, which means the nodes have duality;secondly ,the variance ratio of forward and reverse flow package of time interval fluctuates within a certain range. Thus a P2P traffic identification method based on nodes and flow behavior characteristics is proposed and applied to network traffic monitoring. The results show that this method can objectively identify new applications and encrypted traffic with 93% flow identification rate and 95.5% byte identification rate.
出处
《济南大学学报(自然科学版)》
CAS
北大核心
2014年第4期265-269,共5页
Journal of University of Jinan(Science and Technology)
基金
国家自然科学基金(61373027)
山东省自然科学基金(ZR2012FM023)
关键词
对等网
流量识别
传输层
流量特征
P2P
traffic identication
transport layer
flow characteristic