Research on Key Technologies of Network Traffic Identification
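Abstract
With the continued build-out of network infrastructure and advances in network terminal technology, the number of network users and the scale of network applications in China are growing rapidly. State policy support for emerging technology areas such as third-generation mobile communications, the triple-play network convergence project and the Internet of Things has further accelerated informatization. The growth of network applications has sped up industry convergence, improved the efficiency with which society operates and enriched people's cultural life, but it has also brought problems on several fronts: a sharp expansion of network traffic, greater network and information security risks, and difficulty in regulating content distributed over networks. Network operators, enterprises and government regulators have an ever-growing need to supervise and manage network traffic, and accurate, fast traffic identification is the first prerequisite for addressing these problems.
     This thesis aims to meet the challenge posed by emerging anti-identification techniques such as encrypted transport and dynamic-port transport. Building on an analysis of the strengths, weaknesses and key technical points of existing traffic identification techniques, it studies in depth the key technologies of traffic identification methods, automatic extraction of identification features, and traffic identification and management systems, which helps to control network bandwidth consumption sensibly, provide differentiated network services, regulate network-distributed content effectively and guard against network security threats. The main contents of this thesis are:
     (1) Traffic identification based on deep packet inspection offers high accuracy and high efficiency, and the accuracy of the identification rules directly determines the identification results. Because manually extracted rules cannot keep up with the rule updates required by the constant revisions of the many network applications, this thesis proposes an automatic method for extracting traffic identification features based on an improved PrefixSpan sequential pattern mining algorithm. Under constraints on the contiguity and the offset of sequences, it uses a two-level iteration to automatically extract the identification features shared by multiple sets of traffic generated by the same network protocol or application. The algorithm mines the complete set of contiguous frequent subsequences present in the traffic and uses the offset constraint to keep the number of frequent sequences under control. Experiments show that, with suitably chosen parameters, the algorithm yields effective, high-precision traffic identification features.
     (2) Traffic identification based on semi-supervised learning can effectively identify unknown traffic, and makes it easy to match the resulting clusters to actual network application types. The K-means-based clustering used by existing semi-supervised methods suffers from sensitivity to the choice of initial cluster centers. This thesis replaces the random selection of initial K-means centers in the original semi-supervised method with a selection based on labeled data objects and a greedy algorithm, and matches the clustering results to actual application types by maximum likelihood estimation, which speeds up the convergence of the clustering algorithm. Experimental results show that the improved algorithm is better than the original in both overall identification accuracy and sum of squared errors.
     (3) Most existing traffic identification and control system architectures use a single identification method, and face a conflict between pursuing accuracy and efficiency and identifying unknown traffic. This thesis improves on existing architectures and proposes one that combines a deep-packet-inspection method with a data-mining method. In this architecture the methods identify traffic independently and a unified decision is made according to priority. The architecture also adds an automatic rule extraction module and a model training module, which use a sampling algorithm to select part of the identification results for self-learning, so that the rule base and the traffic identification model used by the data-mining method are updated and maintained automatically. The architecture supports multiple traffic control measures and deployment modes.
     (4) The purpose of identifying traffic is to manage and control particular traffic, and limiting transfer rate is one of the main requirements. Existing out-of-path (bypass) rate-limiting methods, whether they send forged interference packets or coordinate with other network devices, all have limitations. This thesis proposes a bypass rate-limiting method based on the sliding window field of the TCP header. Following the transfer procedure defined by TCP, the method sends interference packets carrying a forged sliding window value, so that a traffic identification and control device deployed in bypass mode can precisely control the rate of data flows carried over TCP. In addition, the thesis proposes a model for evaluating how the composition of the traffic itself affects the throughput of a traffic identification and control system, giving evaluation formulas in terms of both flows and bytes, which quantify the system's actual parsing capacity for a given traffic mix and so reduce design redundancy when evaluating system performance.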
With the constant development of network infrastructure and network terminal technology, the number of netizens and network applications in China is increasing rapidly. Informatization benefits from government support for third-generation mobile technology, triple play and the Internet of Things. All of these efforts accelerate industry convergence and enrich people's spiritual and cultural life. However, administrative departments face new problems, such as the demand from Internet Service Providers for differentiated quality of service, threats to network and information security, and the need to regulate sexual and violent content. The ability to classify network traffic accurately and efficiently is the key to all of these problems.
     In this paper, the advantages and drawbacks of the main network traffic classification algorithms are summarized. To face the challenges from anti-identification technologies, including the use of random ports or encryption in transmission, this paper studies a network traffic classification algorithm based on semi-supervised clustering, an automatic signature mining algorithm and a network traffic management system. The main contributions of this paper are as follows:
     (1) The approach based on payload signatures is more accurate and efficient than other algorithms in network traffic classification. The performance of the payload-based approach depends heavily on an abundant, real-time signature database. The existing approach to extracting payload signatures involves a manual process that is time-consuming and complicated. In this paper, a novel payload signature mining algorithm based on PrefixSpan is proposed to automatically extract signatures from the traffic of a specific network application. Mining with a continuous sequential pattern restriction and an offset constraint on the payload significantly reduces the size of the final signature database. The algorithm mines the complete set of signatures under the offset constraint and outperforms the Apriori-based algorithm. Moreover, the experimental results show high precision and a low error rate when these mined features are used in network traffic classification.
     (2) The diminished accuracy of port-based classification and the inability of payload-based classification to identify unknown traffic motivate the use of transport-layer statistics for network traffic classification. Approaches based on semi-supervised clustering can identify unknown network traffic and map unlabeled clusters to network applications easily. A novel semi-supervised clustering approach based on an improved K-Means clustering algorithm is proposed in this paper to partition a training set of network flows that contains a huge number of unlabeled flows and scarce labeled flows. A greedy algorithm and the labeled flows are used to initialize the cluster centers instead of selecting them at random. Maximum likelihood estimation is used to construct a mapping from the clusters to the predefined set of traffic classes. The experimental results show that both the overall accuracy and the SSE value of our algorithm are better than those of the approach based on the normal K-Means algorithm.
     (3) Almost every existing network traffic management system employs only one network traffic classification approach. There is a contradiction between unknown traffic identification and the accuracy of classification results. A novel framework using both a payload-based algorithm and a machine learning algorithm is constructed in this paper. The results generated by each algorithm are judged centrally against a special standard. Meanwhile, modules for automatic signature mining and for self-learning in the machine learning algorithm are adopted in the framework in order to update the system in a timely manner. The framework also supports various network traffic control methods and can be deployed in in-path or bypass mode.
     (4) Network speed restriction is the chief demand of network management. After identifying network traffic, a network management system in bypass mode can send manually constructed packets or notify other network security systems to manage particular network flows. However, these methods are limited by their complexity or their effect. A novel approach is proposed in this paper that uses the sliding window field of the TCP protocol to restrict network speed in a bypass deployment. Packets with a constructed sliding window field are sent to control the speed of network flows at byte granularity. In addition, a performance evaluation model for network traffic classification is constructed in this paper. Formulas in byte units and flow units can be used to calculate the data throughput of a network management system in performance evaluation, so that redundancy is reduced.
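The constrained mining described in contribution (1), as an added example that is not the thesis's own algorithm or code: a PrefixSpan-style pattern growth over byte payloads that keeps only contiguous patterns starting within a maximum offset and reports the maximal ones. The toy payloads, the name `mine_signatures`, its parameters and the reading of the offset constraint as "start offset at most `max_offset`" are assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed payloads of a made-up protocol (first bytes of four flows).
SAMPLE_PAYLOADS = [
    b"\x01\x00TOYPROTO/1 id=ab12 hello",
    b"\x01\x00TOYPROTO/1 id=9f3c hello",
    b"\x02\x00TOYPROTO/1 id=77aa bye",
    b"\x01\x00TOYPROTO/1 id=c0de hello",
]


def _flow_count(occurrences):
    """Support is counted per flow, not per occurrence."""
    return len({flow for flow, _ in occurrences})


def mine_signatures(payloads, min_support=0.8, max_offset=16, min_len=4):
    """Mine maximal contiguous byte patterns shared by the payloads.

    Assumed reading of the offset constraint: an occurrence counts only if
    it starts at byte offset <= max_offset. Returns
    {pattern: (flows_matched, min_start, max_start)}.
    """
    need = max(1, math.ceil(min_support * len(payloads)))

    # Level 1: every single byte that starts inside the offset window.
    level = defaultdict(list)
    for i, data in enumerate(payloads):
        for start in range(min(len(data), max_offset + 1)):
            level[data[start:start + 1]].append((i, start))
    level = {p: occ for p, occ in level.items() if _flow_count(occ) >= need}

    found = {}
    while level:
        next_level = {}
        for pattern, occ in level.items():
            right = defaultdict(list)  # pattern + next byte -> occurrences
            left = defaultdict(set)    # preceding byte -> flows
            for i, start in occ:
                end = start + len(pattern)
                if end < len(payloads[i]):
                    # Contiguity: grow only with the byte that follows.
                    right[pattern + payloads[i][end:end + 1]].append((i, start))
                if start > 0:
                    left[payloads[i][start - 1:start]].add(i)
            grown = {q: o for q, o in right.items() if _flow_count(o) >= need}
            next_level.update(grown)  # projected occurrences for next round
            left_frequent = any(len(f) >= need for f in left.values())
            # Maximal: no frequent one-byte extension on either side.
            if not grown and not left_frequent and len(pattern) >= min_len:
                starts = [s for _, s in occ]
                found[pattern] = (_flow_count(occ), min(starts), max(starts))
        level = next_level
    return found


if __name__ == "__main__":
    for sig, info in mine_signatures(SAMPLE_PAYLOADS, 1.0, 8).items():
        print(sig, info)
```

Widening `max_offset` or lowering `min_support` lets variable trailing content into the result, which is the growth in signature count the offset constraint is there to limit.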
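The seeded clustering described in contribution (2), as an added example rather than the thesis's code: K-means whose initial centers come from the labeled flows, with a greedy farthest-point choice for any remaining centers, and each cluster mapped to the class that maximizes the estimated P(class | cluster). The feature values, the names and the specific greedy rule are assumptions; the abstract does not give these details.

```python
from collections import Counter

# Constructed, pre-scaled flow features: (mean packet size, duration).
SAMPLE_FLOWS = [
    (0.10, 0.12), (0.12, 0.10), (0.08, 0.15), (0.11, 0.09),
    (0.90, 0.85), (0.88, 0.92), (0.93, 0.88), (0.86, 0.90),
    (0.15, 0.90), (0.12, 0.88), (0.18, 0.93),  # application with no labels
]
# Scarce labels; None marks an unlabeled flow.
SAMPLE_LABELS = ["web", None, None, "web", "bulk", None, "bulk", None,
                 None, None, None]


def _d2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def _mean(points):
    return tuple(sum(c) / len(points) for c in zip(*points))


def seed_centers(flows, labels, k):
    """One center per labeled class, then greedy farthest-point picks."""
    by_class = {}
    for flow, label in zip(flows, labels):
        if label is not None:
            by_class.setdefault(label, []).append(flow)
    centers = [_mean(pts) for _, pts in sorted(by_class.items())]
    if not centers:
        centers = [flows[0]]
    while len(centers) < k:
        # Assumed greedy rule: take the flow farthest from its nearest center.
        centers.append(max(flows, key=lambda f: min(_d2(f, c) for c in centers)))
    return centers[:k]


def kmeans(flows, centers, max_iter=50):
    """Plain Lloyd iterations; returns assignments, centers and SSE."""
    assign = None
    for _ in range(max_iter):
        new = [min(range(len(centers)), key=lambda j: _d2(f, centers[j]))
               for f in flows]
        if new == assign:
            break
        assign = new
        for j in range(len(centers)):
            members = [f for f, a in zip(flows, assign) if a == j]
            if members:
                centers[j] = _mean(members)
    sse = sum(_d2(f, centers[a]) for f, a in zip(flows, assign))
    return assign, centers, sse


def map_clusters(assign, labels, k):
    """argmax of n(class, cluster) / n(cluster) over the labeled flows."""
    mapping = {}
    for j in range(k):
        seen = Counter(l for a, l in zip(assign, labels)
                       if a == j and l is not None)
        mapping[j] = seen.most_common(1)[0][0] if seen else "unknown"
    return mapping


def classify(flows, labels, k):
    assign, _, sse = kmeans(flows, seed_centers(flows, labels, k))
    mapping = map_clusters(assign, labels, k)
    return [mapping[a] for a in assign], sse


if __name__ == "__main__":
    print(classify(SAMPLE_FLOWS, SAMPLE_LABELS, k=3))
```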
