详细信息    本馆镜像全文|  推荐本文 |  |   获取CNKI官网全文
Along with the emergence of more and more Internet and NGN (Next Generation Network) technologies, the number of broadband-access users has increased sharply; meanwhile, network applications become wider and wider so that great changes have taken place in operation environment. The appearance of various network applications, such as P2P, VoIP, VoD, IPTV, Game online, IM etc., needs more and more quality and bandwidth. In modern times, unsupervised VoIP service, P2P service, abnormal traffic and unmanaged shared access ties up a lot of bandwidth. The situation makes operation and management mode of traditional carriers to be in an extremely vulnerable position. The carriers gradually lose control of network applications; in the meantime, they increase financial input to improve network capacity which can't help them to share revenue of value added service because of serious network chanelized state. So it's so embarrassed for the traditional carriers. The severe case forces them to manage and operate the network in fine-grained level and provide diverse network services. From service monitoring and primary operation to advanced operation, they can provide management means and customized services for traffic inspection and service operation to improve their service quality. Aiming at the status and requirement, the paper mainly studies the technologies of traffic flow monitoring oriented to service recognition from the view of carriers, which can exhumate user application type and user behavior deeply, reduce the service losses result from shared access and raise their income of value added service by information push based on network traffic monitoring to play a pivotal role in transformation on carriers from channel provider to service provider.
     The paper radiates in service inspection, traffic control and interruption, shared access detection and Web push technology on the basis of service gathering and analysis technology. The key techniques are studied and solved in the service implementation to meet the needs of various application scenes and aspects to network monitoring and service. There are several features of the work as follows:
     1. In respect of service inspection and monitoring field, this paper does some research on service detection techniques from port-based, feature-based to user behavior-based technologies and service interrupt technologies based on TCP and UDP, especially traffic classification algorithms based on expert base and behavior feature. The paper proposes five feature mode of expert base in the detection field based on expert base and puts forward a new multi-flow detection technology which can solve some problem of difficulty to recognise some enciphered data, besides, it presents a new classification technology based on fractal dimension in behavior feature detection field to utilize the attribution of self-similarity in P2P application traffic for identification. Restriction, interference and interruption to special service flow are needed after identifying related service. Because the control technology in straight deployment mode has been mature and is easy to implement, the research on flow control technology in bypass deployment mode is a key point and a difficult one especially for connectionless UDP application. The paper also suggests 4 methods and concepts for controlling UDP application which can cover the mainstream UDP service traffic.
     2. In respect of Web push service field, after analyzing the popular Web push and advertisement push technologies, the paper proposes a new Web push approach, and then compares the shortages and advantages of 4 main Web push methods and comes to the conclusion of the scenario that each approach is fit for. Finally, the paper advised the policy of push service management to be considered from three levels, namely:user type, content to push and presentation way so that Web push has the quality of customization and relevance which can promote business development better.
     3. In respect of shared access detection field, the paper processes it as the most important study. By making detail analysis and deep study to the popular detection technologies for NATed hosts, the paper proposes 5 new types of detection algorithms, including passive Cookie algorithm, Inner-IP algorithm, active Cookie algorithm, system time algorithm and MTU algorithm. Then all the algorithms fall into two groups:passive algorithm and active algorithm. Finally the paper analyzes the merits and demerits of these algorithms and points out their limitation on application scenes. Based on this, the paper puts forwards an integrative model and system based on features of each algorithm. At first end users are classified according to user states, then the system makes use of passive algorithms to determine user type, after that utilizes active algorithms to calculate the number of NATed hosts exactly. This detection system has good scalability and hierarchy and can makes a new detection algorithm integrated easily, moreover it improves the accuracy of detection and avoids normal user experience to be interrupted.
     4. The paper introduces multi-track separating concept for the first time and builds the mathematical model of multi-track separating theory to deepen the technology of shared access detection so that the related theory and algorithms can be extended to more application areas. Meantime, the notion of constant-step circular track is present which can be finally turned into residue class circular track problem. The paper provides a multi-track separating algorithm based on bubble principle which separates tracks in accordance with descending order in attribute values by using the feature of variances about multi-tracks in turn, rather than applying the traditional separating method by track interval. The results indicate that this approach is highly accurate and convergent by detecting shared access hosts using the change regularity of IPID which has the character of constant-step circular track.
     5. In respect of the multi-track separating theory field, the paper defines a new type of track that is called binary XOR group circular track and then proposes a new separating algorithm for the kind of track, by which solving the element that is performed XOR operation with base track can be converted into deciding eigen bit mode of the track. It proves to be correct in theory and improves the operability and efficiency greatly. The results indicate that this approach is with high accuracy and tolerance of mis-report and needs small sample size to achieve the detection goals by detecting shared access hosts using the change regularity of DNS which has the character of XOR group circular track.
[1]Day J D, Zimmermann H. The OSI reference model[J]. Proceedings of the IEEE.1983,71(12):1334-1340.
    [2]ISO I S.7498[S]. Information Processing System-Open System Interconnecti-ons-Basic Reference Model.1983.
    [5]Postel J. RFC 791:Internet protocol[S].1981.
    [6]Postel J. Transmission Control Protocol (TCP)-RFC 793[S]. September,1981.
    [7]Postel J. RFC 768:User datagram protocol[S]. Network Information Center, August.1980,18.
    [10]Rec I. H.323:Packet-based multimedia communication systems[S].1998.
    [11]Itu-t R. H.245:Control protocol for multimedia communication[S].2008.
    [12]Itu-t R. H.225.0:Call signalling protocols and media stream packetization for packet-based multimedia communication systems[S].2008.
    [13]Rosenberg J, Schulzrinne H, Camarillo G, et al. SIP:Session Initiation Protocol (RFC 3261)[S]. Internet Engineering Task Force.2002.
    [14]Andreasen F, Foster B. MGCP:Media Gateway Control Protocol (RFC 3435)[S]. Internet Engineering Task Force RFC.2003.
    [15]Cuervo F, Greene N, Rayhan A, et al. Megaco Protocol Version 1.0 (RFC 3015)[S]. Internet Engineering Task Force.2000.
    [16]Itu-t R. Gateway control protocol:Version 3[S].2005.
    [17]Schulzrinne H, Casner S, Frederick R, et al. RTP:A transport protocol for real-time applications (rfc 3550)[S]. Internet Engineering Task Force, Network Working Group.2003.
    [19]ITU-T R. ASN.1 encoding rules:Specification of Packed Encoding Rules (PER)[S].2008.
    [21]Handley M, Jacobson V. SDP:Session Description Protocol (RFC 2327)[S]. IETF.1998.
    [22]Johnston A, Donovan S, Sparks R, et al. SIP Basic Call Flow Examples (RFC 3665)[S]. IETF,2003.
    [23]Davidson J, Peters J, BhatiaM(高艳译).VOIP技术架构[M].北京人民邮电出版社,2008.
    [24]Baset S A, Schulzrinne H. An analysis of the skype peer-to-peer internet telephony protocol[C]. Citeseer,2006.
    [30]Lua E K, Crowcroft J, Pias M, et al. A survey and comparison of peer-to-peer overlay network schemes[J]. IEEE Communications Surveys & Tutorials.2005,7(2): 72-93.
    [31]El-ansary S, Alima L, Brand P, et al. Efficient broadcast in structured P2P networks[J]. Peer-to-Peer Systems Ⅱ.2003:304-314.
    [32]Stoica I, Morris R, Liben-nowell D, et al. Chord:a scalable peer-to-peer lookup protocol for internet applications [J]. IEEE/ACM Transactions on networking. 2003,11(1):17-32.
    [33]Ratnasamy S, Francis P, Handley M, et al. A scalable content-addressable network[C]. ACM,2001.
    [34]Rowstron A, Druschel P. Pastry:Scalable, decentralized object location, and routing for large-scale peer-to-peer systems[C]. Springer,2001.
    [35]Zhichen X, Mahalingam M, Karlsson M. Turning Heterogeneity into an Advantage in Overlay Routing[C].2003.
    [36]Clarke I, Sandberg O, Wiley B, et al. Freenet:A distributed anonymous information storage and retrieval system [C]. Springer,2009.
    [37]Klingberg T, Manfredi R. The gnutella protocol specification v0.6[J]. Technical specification of the Protocol.2002.
    [38]FastTrack. Peer-to-Peer technology company[EB/OL]. http://www.FastTrac k.nu/2001.2001.
    [39]KaZaA. KaZaA media desktop[EB/OL]. http://www.KaZaA.com/2001.2001.
    [40]Jin H, Yao H, Liao X, et al. PKTown:A Peer-to-Peer Middleware to Support IPTV and Multiplayer Online Games[C]. Citeseer,2007.
    [41]Cohen B. Bittorrent protocol specifications v1.0[J]. Retrieved Sept 8th.2006.
    [42]Cohen B. Incentives build robustness in BitTorrent[C]. Citeseer,2003.
    [43]Gerald C, Gilbert R, Hannes R B, et al. Wireshark Open Source Software[DB/CD].1998.
    [45]Insider L R. Deep Packet Inspection:2009 Market Forecast [EB/OL]. http://www.heavyreading.com/insider/details.asp?sku_id=2299&skuitem_itemid=11 48&promo_code=&aff_code=&next_url=%2Finsider%2Flist%2Easp%3Fpage%5Ft ype%3Dall%5Freports.2009.
    [48]IANA. PORT NUMBERS[EB/OL]. http://www.iana.org/assignments/port-numbers.2010.
    [49]刘颖秋,李巍,李云春.网络流量分类与应用识别的研究[J].计算机应用 研究.2008,25(005):1492-1495.
    [50]Knuth D E, Morris J J, Pratt V R. Fast pattern matching in strings[J]. SIAM Journal on Computing.1977,6:323.
    [51]Boyer R S, Moore J S. A fast string searching algorithm[J]. Communications of the ACM.1977,20(10):762-772.
    [52]Aho A V, Corasick M J. Efficient string matching:an aid to bibliographic search[J]. Communications of the ACM.1975,18(6):340.
    [53]Wa Na. Research on the Identification and Control System for IP Service[J]. Telecommunications Network Technology.2009(11):14-18.
    [54]Blake S, Black D, Carlson M, et al. RFC 2475:An Architecture for Differentiated Services[S].1998.
    [55]Mahdavi J, Floyd S. TCP-friendly unicast rate-based flow control[J]. Note sent to end2end-interest mailing list.1997.
    [56]Bansal D, Balakrishnan H. Binomial congestion control algorithms[C].2001.
    [57]Floyd S, Handley M, Padhye J, et al. Equation-based congestion control for unicast applications [J]. ACM SIGCOMM Computer Communication Review.2000, 30(4):56.
    [58]Yang Y R, Lam S S. General AIMD congestion control[C]. Published by the IEEE Computer Society,2000.
    [59]Rhee I, Ozdemir V, Yi Y. TEAR:TCP emulation at receivers-flow control for multimedia streaming[J]. Department of Computer Science, NCSU," Technical report.2000.
    [60]Jacobson V. Congestion avoidance and control[J]. ACM SIGCOMM Computer Communication Review.1995,25(1):187.
    [61]Brakmo L S, Peterson L L. TCP Vegas:End to end congestion avoidance on a global Internet[J]. IEEE Journal on selected Areas in communications.1995,13(8): 1465-1480.
    [62]Parekh A K, Gallager R G. A generalized processor sharing approach to flow control in integrated services networks:the single-node case[J]. IEEE/ACM Transactions on Networking (TON).1993,1(3):344-357.
    [63]Demers A, Keshav S, Shenker S. Analysis and simulation of a fair queueing algorithm[C]. ACM,1989.
    [64]Braden B, Clark D, Crowcroft J, et al. RFC2309:Recommendations on queue management and congestion avoidance in the internet[S]. Internet RFCs.1998.
    [65]Floyd S, Jacobson V. Random early detection gateways for congestion avoidance[J]. IEEE/ACM Transactions on networking.1993,1(4):397-413.
    [67]El-marakby R, Hutchison D. Towards managed real-time communications in the internet environment[C]. Citeseer,1997.
    [68]Min Y D. A Modified Adaptive Transmitted Control Strategy for Real Time Multimedia[J]. Computer Engineering and Applications.2004,19.
    [69]蒋建国,苏兆品,李援,et al.RTP/RTCP自适应流量控制算法[J].电子学报.2006,34(009):1659-1662.
    [70]Liang J, Nahrstedt K. RandPeer:Membership Management for QoS Sensitive Peer to Peer Applications[J]. Urbana.2005,51:61801.
    [71]韦安明,王洪波,程时端,et al.高速网络中P2P流量检测及控制方法[J].北京邮电大学学报.2007,30(005):117-120.
    [72]Postel J. RFC792:Internet Control Message Protocol[S]. Information Sciences Institute, University of Southern California.1981.
    [73]协议漏洞.ICMP协议的缺陷[EB/OL].http://luthersun.spaces.live.com/blog/ cns!56712ED2EA691FAA!153.entry.2008.
    [74]Mogul J C, Deering S E. RFC1191:Path MTU Discovery[S]. Internet Requests for Comments.1990.
    [75]Baker F. Requirements for IP version 4 routers[S]. RFC 1812, June 1995, 1995.
    [76]杨虎,张大方,谢鲲,et al. Netfilter/Iptables框架下基于TCP滑动窗口的串行流量控制算法[J].计算机工程与科学.2009,31(010):8-11.
    [78]Berners-lee T, Connolly D. Hypertext Markup Language-2.0 (RFC 1866)[S]. September,1995.
    [79]Raggett D. HTML 3.2 Reference Specification-W3C Recommendation 14-Jan-1997[S]. W3C-World Wide Web Consortium,[Online] http://www. w3. org/TR/REC-html32. html.1996.
    [80]Raggett D, Le H A, Jacobs I. HTML 4.0 Specification[S]. W3C REC REC-htm140-19980424.1998.
    [81]Raggett D, Le H A, Jacobs I. HTML 4.01 Specification[S]. W3C recommendation.1999,24.
    [82]Price R. ISO/IEC 15445:2000 (E). Hypertext Markup Language[S]. http://www.scss.tcd.ie/misc/15445/15445.HTML,2000.
    [83]Hickson I, Hyatt D. HTML 5[S]. The World Wide Web Consortium.(W3C Working Draft). Online verfugbar unter http://www. w3. org/TR/html5/, zuletzt gepr uft am.2008,25:2008.
    [84]Pemberton S. XHTML 1.0 The Extensible HyperText Markup Language[S]. W3C Recommendations.2000:1-11.
    [85]Pemberton S. XHTML 1.1-module-based XHTML[S]. URL:http://www. w3. org/TR/xhtml11/xhtml11.pdf [accessed 4 October,2003].2001.
    [86]Axelsson J, Epperson B, Ishikawa M, et al. XHTML 2.0[S]. W3C Working Draft, Tech. Rep., July.2006.
    [88]P2P Software. MYSEE[EB/OL]. http://www.mysee.com.cn/index.htm.2009.
    [89]P2P Software. Vagaa[EB/OL]. http://www.vagaa.de/.2009.
    [90]Chen H, Hu Z, Ye Z, et al. Research of P2P traffic identification based on neural network[C]. Wuhan, China:IEEE Computer Society,2009.
    [92]Erman J, Mahanti A, Arlitt M. Internet traffic identification using machine learning[C]. San Francisco, CA, United states:Institute of Electrical and Electronics Engineers Inc.,2007.
    [93]Liu H, Feng W, Huang Y, et al. A peer-to-peer traffic identification method using machine learning[C]. Guilin, China:Inst. of Elec. and Elec. Eng. Computer Society,2007.
    [94]Li Z, Yuan R, Guan X. Accurate Classification of the Internet Traffic Based on the SVM Method[C].2007.
    [95]Wang R, Liu Y, Yang Y, et al. Solving the app-level classification problem of P2P traffic Via optimized support vector machines[C]. Jinan, China:Inst. of Elec. and Elec. Eng. Computer Society,2006.
    [96]Yang Y X, Wang R, Liu Y, et al. Solving P2P traffic identification problems via optimized support vector machines[C]. Amman, Jordan:Inst. of Elec. and Elec. Eng. Computer Society,2007.
    [97]Liu Y, Wang R, Huang H, et al. Applying support vector machine to P2P traffic identification with smooth processing[C].2006.
    [98]Gonz C F, Rodr H P, Mart R, et al. Support Vector Machine Detection of Peer-to-Peer Traffic in High-Performance Routers with Packet Sampling[J]. Adaptive and Natural Computing Algorithms.2007:208-217.
    [99]Crotti M, Gringoli F, Pelosato P, et al. A statistical approach to IP-level classification of network traffic[C]. Istanbul, Turkey:Institute of Electrical and Electronics Engineers Inc.,2006.
    [100]Crotti M, Dusi M, Gringoli F, et al. Traffic classification through simple statistical fingerprinting[J]. ACM SIGCOMM Computer Communication Review. 2007,37(1):16.
    [101]Karagiannis T, Broido A, Faloutsos M, et al. Transport layer identification of P2P traffic[C]. Taormina, Italy:Association for Computing Machinery,2004.
    [102]Moore A W, Zuev D. Internet traffic classification using bayesian analysis techniques[C]. Banff, AB, Canada:Association for Computing Machinery,2005.
    [103]何明波,谭政,宋迪,et al.基于贝叶斯技术的P2P流量识别方法的研究[J].计算机与现代化.2009(011):67-69.
    [104]Zuev D, Moore A W. Traffic classification using a statistical approach[C]. Boston, MA, United states:Springer Verlag,2005.
    [105]Mcgregor A, Hall M, Lorier P, et al. Flow clustering using machine learning techniques[J]. Passive and Active Network Measurement.2004:205-214.
    [106]Erman J, Arlitt M, Mahanti A. Traffic classification using clustering algorithms[C]. ACM,2006.
    [108]Zhou X, Wang Z. Application of Markov chain in Ip traffic classification[C]. Wuhan, Hubei, China:Inst. of Elec. and Elec. Eng. Computer Society,2009.
    [109]Shusen L, Ruchuan W. A P2P Traffic Control and Management System Based on Hidden Markov Model[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science).2009,29(004):74-78.
    [110]Shuyong Z, Quan Z, Chaojing T. Technique of Protocol Identification Using Profile Hidden Markov Model[J]. Modern Electronics Technique.2008,31(024): 131-134.
    [111]Leland W E, Taqqu M S, Willinger W, et al. On the self-similar nature of Ethernet traffic (extended version)[J]. IEEE/ACM Transactions on networking.1994, 2(1):1-15.
    [112]Crovella M E, Bestavros A. Self-similarity in world wide web traffic[J]. ACM SIGMETRICS Performance Evaluation Review.1996,24(1):160-169.
    [113]Erramilli A, Roughan M, Veitch D, et al. Self-similar traffic and network dynamics[J]. Proceedings of the IEEE.2002,90(5):800-819.
    [114]Doi H, Matsuda T, Yamamoto M. Performance evaluation of multi-fractal nature of TCP traffic with RED gateway[C].2004.
    [115]Liebovitch L S, Toth T. A fast algorithm to determine fractal dimensions by box counting[J]. Physics Letters A.1989,141(8-9):386-390.
    [116]Braden R. RFC1122:Requirements for Internet Hosts-Communication Layers[S]. RFC Editor United States.1989.
    [117]P2P Software. Kugoo Music[EB/OL]. http://www.kugou.com/.2008.
    [118]刘强,王飞,武巧荣,et al.一种网络信息的推送方法和装置200810186134.1[P].
    [120]Rosenberg J, Weinberger J, Huitema C. RFC 3489:STUN-Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)[R]. IETF,2003.
    [121]Leech M, Ganis M, Lee Y, et al. RFC 1928:SOCKS Protocol Version 5[S]. 1996.
    [122]Mei Y. Analysis of ICS Detecting Technology Principle[J]. Modern Computer. 2008(004):91-92.
    [123]Bellovin S M. A technique for counting NATted hosts[C]. ACM New York, NY, USA,2002.
    [124]Shuyu C, Xiuhuan H. IPID Shared Access Model Research and Implementation[J]. Journal of Chongqing Institute of Technology(Natural Science). 2008,22(008):94-96.
    [125]Tan C. The principle and application of modern NAT detect technology[J]. Electronic Instrumentation Customer.2006,5(5).
    [126]Jacobson V, Braden R, Borman D. RFC1323:TCP extensions for high performance[S].1992.
    [127]Kohno T, Broido A, Claffy K C. Remote physical device fingerprinting[J]. IEEE Transactions on Dependable and Secure Computing.2005,2(2):93-108.
    [128]辛阳,刘利锋,郑志彬,et al.检测主机数量的方法、装置与系统及通信方法200710096247.8[P].
    [130]Kristol D, Montulli L. RFC2965:HTTP State Management Mechanism[S]. 2000.
    [131]Fielding R, Gettys J, Mogul J, et al. RFC2616:Hypertext Transfer Protocol--HTTP/1.1[S].1999.
    [132]Mills D L. RFC 958:Network time protocol (NTP)[S]. Internet Engineer Task Force,1985.
    [133]Dornhoff L L, Hohn F E. Applied modern algebra[M]. MacMillan Publishing Co., Inc., New York.1977,266:270.
    [134]Stevens W R. TCP/IP illustrated (vol.1):the protocols[M]. Addison-Wesley Longman Publishing Co., Inc. Boston, MA, USA,1993.
    [135]Spitzner L. Know your enemy:Passive fingerprinting[J]. Honeynet Project. 2003.
    [137]Mockapetris P. RFC 1034:Domain names-concepts and facilities, November 1987[S].1987.
    [138]Mockapetris P. RFC 1035—Domain names—implementation and specification, November 1987[S].1987.
    [139]Klein A. Microsoft Windows DNS Stub Resolver Cache Poisoning[J]. URL http://www.trusteer.com/files/Microsoft_Windows_resolver_DNS_cache_poisoning. pdf.2007.
    [140]Microsoft Security Bulletin MS08-020—Important; Vulnerability in DNS Client Could Allow Spoofing[J]. URL http://www.microsoft.com/technet/security /Bulletin/MS08-020.mspx.2008.
    [141]Deering S, Hinden R. RFC 2460:Internet Protocol[S]. Version 6(IPv6) Specification.1998.
    [142]Kent S, Atkinson R. Security architecture for the internet protocol (rfc 2401)[S]. Network Working Group.1998.第125页

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700