基于协议特征描述语言的P2P应用识别系统的研究与实现
|
摘要
P2P宽带共享工具能够实现带宽的充分利用,但其为了躲避监管,通常采用动态端口并对通信数据加密,大量的带宽资源被加密流量占用。传统的应用层协议识别方法均从改进匹配算法的角度来提高识别率,但是随着P2P应用的发展,其特征呈现多维化的趋势,算法复杂度也随之提高。鉴于此,从P2P技术原理出发,对典型P2P应用行为及特征进行逆向分析,设计自定义的协议特征描述语言对P2P特征进行分析提取,从而有效的描述P2P应用的广义化特征,实现了基于协议特征描述的P2P应用识别系统,并通过实验证明了该系统在P2P流量识别上的可行性和有效性。
本论文首先从业务营销和带宽管理方面的需求出发进行了P2P业务精确定位必要性的讨论;其次在分析应用识别技术发展现状的基础上,重点讨论了P2P应用的发展及其识别方法存在的问题,提出了对已有方案进行改造的基本思路;接着探讨了识别优化中的关键技术,提出了自定义的广义化特征的概念,并设计了广义化特征的描述方法以及对数据处理的优先级算法;然后针对新方案设计了系统结构,分配各模块的功能并探讨实现细节并对系统关键指标进行了测试,比较分析与现有其他系统的区别和优势;最后对全文进行了总结,并提出4点可改进的地方。
The bandwidth of Internet Service Provider can be fully utilized by popular P2Pbroadband tools, but in order to escape from supervision, dynamic ports and encryptedcommunications data are idiomatically employed by them, in the event, a lot of bandwidthis occupied by encrypted flow. At present, improving matching algorithm is commonlyused by traditional application layer protocol identification methods to raise identificationrate, but with the development of P2P protocol, features are multi-dimensional, andalgorithms are more complex too. In view of this, with the pretreatment by analyzingtypical P2P applications, a kind of custom protocol description language is designed toextract signatures of P2P applications and achieve a protocol signature identfying system,this strategy is approved feasible and effective through experiments.
The first chapter of this thesis discusses the necessity for precise identification of P2Papplications from the perspective of business marketing and bandwidth management;Chapter II analyses application recognition technology on the basis of current development,focuses on the development of P2P applications and problems of identificationmethods,have proposed the basic idea for transform; the third chapter discusses theidentification of key optimization algorithm, the generalized concept of signatures with thedescription methods for it, and the optimization of data processing algorithm; Chapter IVdesigns system structure for the new scheme, distributes function of each module andexplore the implementation details; Chapter V tests the key indicators of the system, andtakes a comparative analysis with other existing systems for difference and advantage;Chapter VI takes a summary of this thesis, and Proposes four requirements to the futurework.
本论文首先从业务营销和带宽管理方面的需求出发进行了P2P业务精确定位必要性的讨论;其次在分析应用识别技术发展现状的基础上,重点讨论了P2P应用的发展及其识别方法存在的问题,提出了对已有方案进行改造的基本思路;接着探讨了识别优化中的关键技术,提出了自定义的广义化特征的概念,并设计了广义化特征的描述方法以及对数据处理的优先级算法;然后针对新方案设计了系统结构,分配各模块的功能并探讨实现细节并对系统关键指标进行了测试,比较分析与现有其他系统的区别和优势;最后对全文进行了总结,并提出4点可改进的地方。
The bandwidth of Internet Service Provider can be fully utilized by popular P2Pbroadband tools, but in order to escape from supervision, dynamic ports and encryptedcommunications data are idiomatically employed by them, in the event, a lot of bandwidthis occupied by encrypted flow. At present, improving matching algorithm is commonlyused by traditional application layer protocol identification methods to raise identificationrate, but with the development of P2P protocol, features are multi-dimensional, andalgorithms are more complex too. In view of this, with the pretreatment by analyzingtypical P2P applications, a kind of custom protocol description language is designed toextract signatures of P2P applications and achieve a protocol signature identfying system,this strategy is approved feasible and effective through experiments.
The first chapter of this thesis discusses the necessity for precise identification of P2Papplications from the perspective of business marketing and bandwidth management;Chapter II analyses application recognition technology on the basis of current development,focuses on the development of P2P applications and problems of identificationmethods,have proposed the basic idea for transform; the third chapter discusses theidentification of key optimization algorithm, the generalized concept of signatures with thedescription methods for it, and the optimization of data processing algorithm; Chapter IVdesigns system structure for the new scheme, distributes function of each module andexplore the implementation details; Chapter V tests the key indicators of the system, andtakes a comparative analysis with other existing systems for difference and advantage;Chapter VI takes a summary of this thesis, and Proposes four requirements to the futurework.
引文
[1]吴国庆.对等网络技术研究[J].计算机技术与发展,2008(7):100-103.
[2]朱树永.协议识别技术研究[D].长沙:国防科学技术大学,2008.
[3]陈亮,龚俭,徐选.应用层协议识别算法综述[J].计算机科学:2007,34(7):73-75.
[4]Matthew Strait.Application Layer Packet Classifier for Linux[EB/OL].http://l7-filter.sourceforge.net/,2003.
[5]Zander S,Nguyen T,Armitage G.Automated traffic classification and application identification using machine learning.Proceedings of the IEEE LCN[C].Melbourne,Australia,2005.250-257.
[6]L.Bemaille,R.Teixeira,I.Akodkenou,A.Soule,and K.Salamatian.Tratfic classification on the fly[C].SIGCOMM Comput Commun.Rev.2006.
[7]Moore A W,Papagiannaki K.Toward the accurate identification of network applications.2005Proceedings of the Passive and Active Measurement Workshop.Boston,MA,USA.2005.41-54.
[8]李海宝.JXTA下P2P点组认证的设计与实现[D].北京:北京交通大学,2006.
[9]何云.P2P文件共享网络中的可扩展性问题的研究[D].天津:南开大学,2006.
[10]石友康.P2P技术业务模式与安全问题探讨[J].电信网技术,2007(3):4-7.
[11]张海剑.对等网络系统的隐私保护与匿名通信研究[D].武汉:华中科技大学,2009.
[12]熊伟,谢冬青,刘洁.一种结构化P2P协议中的负载均衡方法[J].微电子学与计算机,2008(10):76-79.
[13]李德明,韦照川,张法碧.一款改进集中式P2P文件共享系统的实现[J].科技信息,2009(36):232-233.
[14]王韬.从P2P技术发展历程浅析P2P识别技术[J].出国与就业(就业版),2011(14):164.
[15]曹蕾.计算机对等网P2P技术综述[J].甘肃科技,2009(22):41-44.
[16]王涛,卢显良,段翰聪.基于SSL的P2P安全通信模型[J].计算机科学,2006(5):104-106.
[17]李俊峰.基于JXTA平台的P2P双向匿名通信研究[D].广州:中山大学,2005.
[18]汪莉娟.基于智能节点的P2P重叠网NMS的设计与实现[D].兰州:兰州大学,2007.
[19]朱守德.文件传输中P2P协议流量检测[D].大连:大连交通大学,2008.
[20]蒋海明,张剑英,王青青,彭娟.P2P流量检测与分析[J].计算机技术与发展,2008(7):74-76.
[21]齐亚坤.电台综合业务网流量监测[J].广播与电视技术,2010(1):107-110.
[22]王超.IP网络带宽管理技术及应用分析[J].电信技术,2007(5):101-103.
[23]刘俊超.基于正则表达式的应用层协议识别技术研究[D].长沙:国防科学技术大学,2008.
[24]Holger Dreger,Christian Kreibich,Vern Paxson,Robin Sommer.Enhancing the Accuracy of Network-Based Intrusion Detection with Host-Based Context.DIMVA.2005.206-221.
[25]范慧萍,宣蕾,陈曙晖,黄高平.基于正则表达式的应用层协议识别加速[J].计算机研究与发展,2008(z1):438-443.
[26]侯婕,陈曙晖,张银福.基于FSM的高速网络协议识别研究[J].计算机应用研究,2008(6):1877-1878.
[27]Panabit.Panabit流控产品简介[EB/OL].http://www.panabit.com/products2/index.html,2010.
[28]田文颖.文本特征提取方法研究[EB/OL].http://blog.csdn.net/tvetve/arch ive/2008/04/14/2292111.aspx,2008.
[29]陈振亚,陈光辉,徐建民.一种基于文体的文本特征选取方法[J]广西师范大学学报(自然科学版),2011(1):143-146.
[30]程磊,陈鸣,周骏.对BitTorrent通信协议的分析与检测[EB/OL].http://www.kuqin.com/p2p/20071101/1981.html,2007.
[31]W.Richard Stevens.TCP/IP详解卷1:协议[M].北京:机械工业出版社,2000.169-173.
[32]蔡小华.基于DDoS攻击环境的网络数据采集与序列分析研究[D].南京:南京邮电大学,2008.
[33]覃振杰,蒋振宇.数据链路层的网络包捕获[J].电脑开发与应用,2009(1):75-76.
[34]丁国斌.无线网桥增值功能的研究、设计与实现[D].苏州:苏州大学,2009.
[35]段辰生.实时Linux下网络报文捕获平台的研究与实现[D].合肥:合肥工业大学,2009.
[2]朱树永.协议识别技术研究[D].长沙:国防科学技术大学,2008.
[3]陈亮,龚俭,徐选.应用层协议识别算法综述[J].计算机科学:2007,34(7):73-75.
[4]Matthew Strait.Application Layer Packet Classifier for Linux[EB/OL].http://l7-filter.sourceforge.net/,2003.
[5]Zander S,Nguyen T,Armitage G.Automated traffic classification and application identification using machine learning.Proceedings of the IEEE LCN[C].Melbourne,Australia,2005.250-257.
[6]L.Bemaille,R.Teixeira,I.Akodkenou,A.Soule,and K.Salamatian.Tratfic classification on the fly[C].SIGCOMM Comput Commun.Rev.2006.
[7]Moore A W,Papagiannaki K.Toward the accurate identification of network applications.2005Proceedings of the Passive and Active Measurement Workshop.Boston,MA,USA.2005.41-54.
[8]李海宝.JXTA下P2P点组认证的设计与实现[D].北京:北京交通大学,2006.
[9]何云.P2P文件共享网络中的可扩展性问题的研究[D].天津:南开大学,2006.
[10]石友康.P2P技术业务模式与安全问题探讨[J].电信网技术,2007(3):4-7.
[11]张海剑.对等网络系统的隐私保护与匿名通信研究[D].武汉:华中科技大学,2009.
[12]熊伟,谢冬青,刘洁.一种结构化P2P协议中的负载均衡方法[J].微电子学与计算机,2008(10):76-79.
[13]李德明,韦照川,张法碧.一款改进集中式P2P文件共享系统的实现[J].科技信息,2009(36):232-233.
[14]王韬.从P2P技术发展历程浅析P2P识别技术[J].出国与就业(就业版),2011(14):164.
[15]曹蕾.计算机对等网P2P技术综述[J].甘肃科技,2009(22):41-44.
[16]王涛,卢显良,段翰聪.基于SSL的P2P安全通信模型[J].计算机科学,2006(5):104-106.
[17]李俊峰.基于JXTA平台的P2P双向匿名通信研究[D].广州:中山大学,2005.
[18]汪莉娟.基于智能节点的P2P重叠网NMS的设计与实现[D].兰州:兰州大学,2007.
[19]朱守德.文件传输中P2P协议流量检测[D].大连:大连交通大学,2008.
[20]蒋海明,张剑英,王青青,彭娟.P2P流量检测与分析[J].计算机技术与发展,2008(7):74-76.
[21]齐亚坤.电台综合业务网流量监测[J].广播与电视技术,2010(1):107-110.
[22]王超.IP网络带宽管理技术及应用分析[J].电信技术,2007(5):101-103.
[23]刘俊超.基于正则表达式的应用层协议识别技术研究[D].长沙:国防科学技术大学,2008.
[24]Holger Dreger,Christian Kreibich,Vern Paxson,Robin Sommer.Enhancing the Accuracy of Network-Based Intrusion Detection with Host-Based Context.DIMVA.2005.206-221.
[25]范慧萍,宣蕾,陈曙晖,黄高平.基于正则表达式的应用层协议识别加速[J].计算机研究与发展,2008(z1):438-443.
[26]侯婕,陈曙晖,张银福.基于FSM的高速网络协议识别研究[J].计算机应用研究,2008(6):1877-1878.
[27]Panabit.Panabit流控产品简介[EB/OL].http://www.panabit.com/products2/index.html,2010.
[28]田文颖.文本特征提取方法研究[EB/OL].http://blog.csdn.net/tvetve/arch ive/2008/04/14/2292111.aspx,2008.
[29]陈振亚,陈光辉,徐建民.一种基于文体的文本特征选取方法[J]广西师范大学学报(自然科学版),2011(1):143-146.
[30]程磊,陈鸣,周骏.对BitTorrent通信协议的分析与检测[EB/OL].http://www.kuqin.com/p2p/20071101/1981.html,2007.
[31]W.Richard Stevens.TCP/IP详解卷1:协议[M].北京:机械工业出版社,2000.169-173.
[32]蔡小华.基于DDoS攻击环境的网络数据采集与序列分析研究[D].南京:南京邮电大学,2008.
[33]覃振杰,蒋振宇.数据链路层的网络包捕获[J].电脑开发与应用,2009(1):75-76.
[34]丁国斌.无线网桥增值功能的研究、设计与实现[D].苏州:苏州大学,2009.
[35]段辰生.实时Linux下网络报文捕获平台的研究与实现[D].合肥:合肥工业大学,2009.