基于传输层特征和统计特征的P2P流量识别
|
摘要
准确识别对等网络(P2P)流量对网络流量控制有着重要意义。针对P2P流量提出一种高准确度的识别方法。该方法通过统计报文首部ASCII码出现的频率,提取出一个256维的统计特征,结合数据流量的传输层特征,使用决策树算法对流量进行分类识别。在识别过程中提出数据分块的思想,提高了识别的正确率并且能够统计P2P流量流经的端口。仿真测试结果表明,该方法可以在多种流量混杂的情况下识别出P2P流量,且具有较高的准确度。
Identifying Peer-to-Peer(P2P) traffic accurately has important influence on network flow control. A new P2P traffic identification method with high accuracy is proposed. This method calculates the frequency of 256 ASCII bytes occuring in packet header and turns it into a 256 dimensional statistical feature. Combining transport layer features and packet header statistical feature, this method identifies P2P traffic by means of decision tree algorithm. Data deblocking is proposed to maintain high accuracy and collect port numbers that relate to P2P traffic. The experimental results demonstrate that this method can distinguish P2P traffic from non-P2P traffic in different situations with high accuracy.
Identifying Peer-to-Peer(P2P) traffic accurately has important influence on network flow control. A new P2P traffic identification method with high accuracy is proposed. This method calculates the frequency of 256 ASCII bytes occuring in packet header and turns it into a 256 dimensional statistical feature. Combining transport layer features and packet header statistical feature, this method identifies P2P traffic by means of decision tree algorithm. Data deblocking is proposed to maintain high accuracy and collect port numbers that relate to P2P traffic. The experimental results demonstrate that this method can distinguish P2P traffic from non-P2P traffic in different situations with high accuracy.
引文
[1]ZINK T,WALDVOGEL M.Bit torrent traffic obfuscation:a chase towards semantic traffic identification[C]//The 12th IEEE International Conference on Peer-to-Peer Computing.Tarragona,Spain:IEEE,2012:126-137.
[2]王世福.P2P流媒体特征提取技术研究与实现[D].武汉:华中科技大学,2011.(WANG Shifu.Research and implementation of feature extraction of P2P steaming media[D].Wuhan,China:Huazhong University of Science and Technology,2011.)
[3]XU Zhouli,JIANG Zhihong,MO Songhai,et al.Identification of P2P streaming traffic using application signatures[J].Application Research of Computers,2009,26(6):2214-2216.
[4]樊鹏翼,王晖,徐周李.基于PayLoad特征的P2P IPTV应用识别[J].微计算机信息,2009,12(12):36-41.(FAN Pengyi,WANG Hui,XU Zhouli.Identification of P2P IPTV traffic based on payload feature[J].Microcomputer Information,2009,12(12):36-41.)
[5]牛祥.DPI特征匹配算法在P2P流量识别检测的简单应用[J].信息系统工程,2017(12):80-82.(NIU Xiang.Simple application of P2P traffic identification based on DPI feature matching algorithm[J].Information Systems Engineering,2017(12):80-82.)
[6]HU L,ZHANG L.Real-time internet traffic identification based on decision trees[C]//Proceedings of World Automation Congress(WAC).Puerto Vallarta,Mexico,Mexico:IEEE,2012:1-3.
[7]张瀚,朱洪亮,辛阳.基于DPI技术的P2P流量检测系统设计[J].信息网络安全,2012(10):36-40.(ZHANG Han,ZHUHongliang,XIN Yang.Design of a DPI-based P2P traffic detection system[J].Network Information Security,2012(10):36-40.)
[8]KARAGIANNIS T,BROIDO A,BROWNLEE N,et al.Is P2P dying or just hiding?[C]//IEEE Global Telecommunications Conference.Dallas,Texas,USA:IEEE,2004:1532-1538.
[9]ASHIS Pradhan.Network traffic classification using support vector machines and artificial neural networks[J].International Journal of Computer Applications,2012,8(1):8-12.
[10]FRANK J.Artificial intelligent and intrusion detection:current and future directions[C]//Proceedings of the 17th National Computer Security Conference.Washington D C:[s.n.],1994.
[11]徐鹏,林森.基于C4.5决策树的流量分类方法[J].软件学报,2009,20(10):2692-2704.(XU Peng,LIN Sen.Internet traffic classification using C4.5 decision tree[J].Journal of Software,2009,20(10):2692-2704.)
[12]FINAMORE A,MELLIA M,MEO M,et al.KISS:Stochastic Packet Inspection[C]//In Proceedings of the Traffic Measurement and Analysis(TMA).Aachen,Germany:Springer,2009:245-254.
[13]YANG Yuexiang,LIU Chaobin,HUANG Gaoping.Feature research on unstructured P2P multicast video streaming[C]//Proceedings of 2009 2nd IEEE International Conference on Broadband Network&Multimedia Technology.Beijing:IEEE,2009:1235-1244.
[14]CASCARANO N,RISSO F,ESTE A,et al.Comparing P2P TV traffic classifiers[C]//Proceedings of the Traffic Monitoring and Analysis second International Workshop.Zurich,Switzerland:Springer,2010:1-6.
[15]LIU Chaobin,YANG Yuexiang,TANG Chuan.A classification method of unstructured P2P multicast video streaming based on SVM[C]//In Proceedings of 2009 IEEE International Conference on Multimedia.Hubei,China:IEEE,2010:68-72.
[16]桑寅,孟少卿,鹿凯宁.基于DPI和机器学习方法传输层检测的P2P流量识别模型[J].电子测量技术,2011(10):45-48.(SANG Yin,MENG Shaoqing,LU Kaining.A novel method for P2P traffic identification based on DPI and machine learning[J].Electronic Measurement Technology,2011(10):45-48.)
[17]王春枝,杜远丽,叶志伟.基于最优ABC-SVM算法的P2P流量识别[J].计算机应用研究,2018(2):1-2.(WANGChunzhi,DU Yuanli,YE Zhiwei.Identification of P2P traffic based on optimal ABC-SVM[J].Application Research of Computers,2018(2):1-2.)
[18]丁里.基于机器学习的P2P网络流分类研究[D].无锡:江南大学,2015.(DING Li.Research on classification of P2Ptraffic based on machine learning[D].Wuxi,China:Jiangnan University,2015.)
[2]王世福.P2P流媒体特征提取技术研究与实现[D].武汉:华中科技大学,2011.(WANG Shifu.Research and implementation of feature extraction of P2P steaming media[D].Wuhan,China:Huazhong University of Science and Technology,2011.)
[3]XU Zhouli,JIANG Zhihong,MO Songhai,et al.Identification of P2P streaming traffic using application signatures[J].Application Research of Computers,2009,26(6):2214-2216.
[4]樊鹏翼,王晖,徐周李.基于PayLoad特征的P2P IPTV应用识别[J].微计算机信息,2009,12(12):36-41.(FAN Pengyi,WANG Hui,XU Zhouli.Identification of P2P IPTV traffic based on payload feature[J].Microcomputer Information,2009,12(12):36-41.)
[5]牛祥.DPI特征匹配算法在P2P流量识别检测的简单应用[J].信息系统工程,2017(12):80-82.(NIU Xiang.Simple application of P2P traffic identification based on DPI feature matching algorithm[J].Information Systems Engineering,2017(12):80-82.)
[6]HU L,ZHANG L.Real-time internet traffic identification based on decision trees[C]//Proceedings of World Automation Congress(WAC).Puerto Vallarta,Mexico,Mexico:IEEE,2012:1-3.
[7]张瀚,朱洪亮,辛阳.基于DPI技术的P2P流量检测系统设计[J].信息网络安全,2012(10):36-40.(ZHANG Han,ZHUHongliang,XIN Yang.Design of a DPI-based P2P traffic detection system[J].Network Information Security,2012(10):36-40.)
[8]KARAGIANNIS T,BROIDO A,BROWNLEE N,et al.Is P2P dying or just hiding?[C]//IEEE Global Telecommunications Conference.Dallas,Texas,USA:IEEE,2004:1532-1538.
[9]ASHIS Pradhan.Network traffic classification using support vector machines and artificial neural networks[J].International Journal of Computer Applications,2012,8(1):8-12.
[10]FRANK J.Artificial intelligent and intrusion detection:current and future directions[C]//Proceedings of the 17th National Computer Security Conference.Washington D C:[s.n.],1994.
[11]徐鹏,林森.基于C4.5决策树的流量分类方法[J].软件学报,2009,20(10):2692-2704.(XU Peng,LIN Sen.Internet traffic classification using C4.5 decision tree[J].Journal of Software,2009,20(10):2692-2704.)
[12]FINAMORE A,MELLIA M,MEO M,et al.KISS:Stochastic Packet Inspection[C]//In Proceedings of the Traffic Measurement and Analysis(TMA).Aachen,Germany:Springer,2009:245-254.
[13]YANG Yuexiang,LIU Chaobin,HUANG Gaoping.Feature research on unstructured P2P multicast video streaming[C]//Proceedings of 2009 2nd IEEE International Conference on Broadband Network&Multimedia Technology.Beijing:IEEE,2009:1235-1244.
[14]CASCARANO N,RISSO F,ESTE A,et al.Comparing P2P TV traffic classifiers[C]//Proceedings of the Traffic Monitoring and Analysis second International Workshop.Zurich,Switzerland:Springer,2010:1-6.
[15]LIU Chaobin,YANG Yuexiang,TANG Chuan.A classification method of unstructured P2P multicast video streaming based on SVM[C]//In Proceedings of 2009 IEEE International Conference on Multimedia.Hubei,China:IEEE,2010:68-72.
[16]桑寅,孟少卿,鹿凯宁.基于DPI和机器学习方法传输层检测的P2P流量识别模型[J].电子测量技术,2011(10):45-48.(SANG Yin,MENG Shaoqing,LU Kaining.A novel method for P2P traffic identification based on DPI and machine learning[J].Electronic Measurement Technology,2011(10):45-48.)
[17]王春枝,杜远丽,叶志伟.基于最优ABC-SVM算法的P2P流量识别[J].计算机应用研究,2018(2):1-2.(WANGChunzhi,DU Yuanli,YE Zhiwei.Identification of P2P traffic based on optimal ABC-SVM[J].Application Research of Computers,2018(2):1-2.)
[18]丁里.基于机器学习的P2P网络流分类研究[D].无锡:江南大学,2015.(DING Li.Research on classification of P2Ptraffic based on machine learning[D].Wuxi,China:Jiangnan University,2015.)