Research on a Service Identification Method for the Mobile Internet
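Abstract
With the rapid growth of mobile internet services and the continuing expansion of service types, mobile network operators must not only support the IP services they provide themselves but also carry the wide variety of IP services that users are free to use.
     This thesis first introduces the principles of deep packet inspection (DPI), sets out the advantages and drawbacks of DPI, and describes the typical service identification methods: signature-based detection, application-layer gateway identification, and behaviour-pattern identification. Signature-based detection pattern-matches the signature information in the payload of network data flows, thereby identifying the signatures of the network traffic. Application-layer gateway identification first identifies the control flow of a network service, then parses the information about the service flow out of the protocol content of the control flow, and then parses the service flow itself, thereby identifying it. Behaviour-pattern identification applies to services that cannot be determined from the protocol. The three classes of technique apply to different protocol types and cannot substitute for one another; identifying the various applications on a network effectively and accurately requires using all three together.
     This thesis mainly analyses the network and service characteristics of the mobile internet services carried by CMNET and studies identification methods for key services, including Fetion, MMS, WAP, mobile QQ and BT download. It analyses the protocol parsing methods for these services and, through protocol analysis and packet decoding of each class of service, describes their protocol characteristics in detail and gives detailed identification methods. It proposes service identification methods suited to the above services, namely associated-flow analysis and punched feature-string probability matching. It studies the characteristics of typical services in depth, achieving identification of mobile-specific services such as WAP browsing, MMS, Fetion and mobile QQ, and of BT download as a representative P2P service.
     The basic idea of associated-flow analysis is to perform service identification per flow; it applies to TCP services. The captured packets are classified by five-tuple, and each class is one data flow, called an associated flow. If the service type of any single packet in an associated flow can be identified accurately, the flow is identified.
     The idea of the punched feature-string matching algorithm is to take fields at several fixed positions across the IP packet data and match them against fixed feature strings. It is an identification method, distinct from character-by-character search, for protocols in which fixed feature strings appear at fixed positions.
     This thesis proposes an efficient identification method that combines associated-flow identification with punched feature matching: packets are first classified by TCP association, the punched feature-string matching algorithm or bit-by-bit matching is used to find the packets among them that carry service features, and then all packets under that association are assigned to one service class.
     The two methods are efficient, accurate and easy to implement. Based on the proposed identification methods and algorithms, service identification software (DPI software) was written and applied to deep service identification of mixed-service packets from the live network. The identification results show that the proposed associated-flow analysis and punched feature-string probability matching methods are simple, efficient and reasonably accurate.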
As mobile internet business booms and the types of service are continuously enriched, mobile network operators have to support the variety of IP services they offer themselves and also have to provide bearer functions for the many kinds of IP services that users use freely.
     This paper first introduces Deep Packet Inspection (DPI) technology, then explains the advantages and drawbacks of DPI. It introduces the typical service identification methods, including detection based on characteristics, application gateway identification, and activity mode identification. Detection based on characteristics performs pattern matching on the characteristic information in the payload of network data flows and so identifies the characteristics of the network data flow. Application gateway identification first identifies the control flow of the network service, then parses the related information about the service flow from the protocol content of the control flow, and finally analyses the service flow in order to identify it. Activity mode identification is used for services that cannot be judged according to the protocol. The three types of identification technology apply to different types of protocols and cannot be substituted for each other. All three have to be used together in order to identify the different services on a network efficiently and accurately.
     This paper mainly analyses the network features and service features of the mobile internet services carried by CMNET. It studies service identification methods for major services, including Fetion, Multimedia Message, WAP browsing, mobile QQ and BitTorrent download, and analyses their protocol analysis methods. It proposes service identification methods applicable to the services above, in the form of two effective means of service identification: the analysis means of associated flow and the matching means of drilling in the character string. It studies the characteristics of the typical services in depth and achieves service identification of Fetion, Multimedia Message, WAP browsing and mobile QQ, as well as of the BitTorrent download service, which is representative of P2P business.
     The basic idea of associated flows is to complete service identification on the basis of the flow, which applies to TCP services. Data packets are classified according to the quintuple information; every class is a data flow, which is called an associated flow. If the service type of any data packet in an associated flow can be identified accurately, then flow identification is finished.
     The idea of the matching means of drilling in the character string is to take fields at several fixed locations in the entire IP packet data and match them against fixed feature strings. It is an identification method, different from a character-by-character search, for protocols in which a fixed feature string appears at a fixed position.
     This paper presents an efficient identification method that combines associated-flow identification with punch-type feature matching. That is, packets are first classified according to their TCP association; the punch-type feature-string matching algorithm or bit-by-bit matching is then used to find the data packets that carry service characteristics; and then all the data packets of that association are classified into one class of service.
     The two means of service identification are efficient, accurate and easy to implement. Based on these means of service identification and algorithms, service identification software (DPI software) was written. The software was used to identify in depth the data packets of mixed services on the live network. The identification results show that the analysis means of associated flow and the matching means of drilling in the character string are simple, efficient and of high accuracy in identification.
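The combined method described in the abstract, as an added example that is not code from the thesis or its DPI software: packets are grouped by five-tuple, fixed-offset probes are checked against each payload, and one hit labels the whole flow. The BitTorrent handshake prefix is the protocol's well-known one; the `demo-svc` signature, the function names, the direction-independent flow key and the sample packets are assumptions, and probes are matched exactly rather than probabilistically.

```python
from collections import defaultdict

# Punched signatures: (offset, bytes) probes at fixed payload positions.
SIGNATURES = {
    # BitTorrent handshake: length byte 0x13, then the protocol string.
    "bittorrent": [(0, b"\x13"), (1, b"BitTorrent protocol")],
    # Constructed, hypothetical signature showing non-adjacent probes.
    "demo-svc": [(0, b"\xab"), (4, b"DEMO")],
}

def punched_match(payload, probes):
    """True if every probe equals the payload bytes at its fixed offset."""
    return all(payload[o:o + len(p)] == p for o, p in probes)

def flow_key(pkt):
    """Five-tuple with endpoints ordered so both directions share a key."""
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (a + b if a <= b else b + a)

def classify(packets):
    """Label every packet with the service found in any packet of its flow."""
    flows = defaultdict(list)
    for i, pkt in enumerate(packets):
        flows[flow_key(pkt)].append(i)
    labels = ["unknown"] * len(packets)
    for idxs in flows.values():
        hit = next((name for i in idxs for name, probes in SIGNATURES.items()
                    if punched_match(packets[i]["payload"], probes)), None)
        if hit:
            for i in idxs:
                labels[i] = hit
    return labels

def pkt(src, sport, dst, dport, payload):
    return {"proto": "tcp", "src": src, "sport": sport,
            "dst": dst, "dport": dport, "payload": payload}

# Constructed sample capture (private and documentation addresses, not real traffic).
SAMPLE = [
    pkt("10.0.0.2", 50000, "198.51.100.7", 6881, b""),  # no payload yet
    pkt("10.0.0.2", 50000, "198.51.100.7", 6881,
        b"\x13BitTorrent protocol" + bytes(48)),          # handshake
    pkt("198.51.100.7", 6881, "10.0.0.2", 50000, b"\x00\x00\x00\x01\x01"),
    pkt("10.0.0.2", 50001, "203.0.113.9", 80, b"GET / HTTP/1.1\r\n"),
    pkt("10.0.0.2", 50002, "203.0.113.9", 9000,
        b"xx BitTorrent protocol mention"),               # string at wrong offset
]

if __name__ == "__main__":
    for p, label in zip(SAMPLE, classify(SAMPLE)):
        print(p["src"], p["sport"], "->", p["dst"], p["dport"], label)
```

The last sample packet contains the protocol string but not at the probed offset, so it stays unlabelled where a substring search would have matched it.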
