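P2P thesis: Research on P2P Traffic Detection Technology Based on DPI and DFI

【Chinese abstract】
Applications built on P2P technology are increasingly widespread, but alongside the convenience they bring, they have gradually become bandwidth killers on broadband networks: they easily cause network congestion, seriously degrade network quality of service, and carry many security risks. Whether efficient P2P traffic management can be provided at the network egress of the corresponding level has therefore become one of the key factors in whether a network can keep developing. Drawing on an enterprise-level border gateway R&D project, and targeting two difficulties in current P2P detection, namely ever-higher bandwidth and ever more diverse applications, this thesis discusses the development history of P2P technology and its detection techniques. Through in-depth study and analysis of P2P protocols, it proposes a P2P traffic detection scheme based on DPI and DFI and implements it in engineering practice. The main work of the thesis is as follows:

The current mainstream P2P protocols are analyzed in depth and detail, and their characteristic strings are extracted and organized. To address the problem that current software-implemented detection methods cannot be used in high-speed bandwidth environments, a TCAM-based P2P traffic detection algorithm is proposed which, through hardware acceleration, achieves line-rate detection of P2P traffic based on deep packet inspection in an enterprise-level network environment. Test results show that the algorithm can accurately detect known P2P traffic.

To address the problem that TCAM-based deep packet inspection cannot effectively detect new or transport-encrypted P2P protocols, a weighted P2P traffic detection algorithm based on deep flow inspection is proposed. It applies three identification techniques, the TCP/UDP method, the IP,Port method and the concurrent-connection-count method, to examine the traffic separately, and identifies P2P traffic through a combined decision. Test results show that the detection rate, false-detection rate and missed-detection rate of the DFI-based weighted P2P traffic detection technique are clearly better than those of each identification technique on its own, and that it is able to detect transport-encrypted P2P traffic.

To address the shortcomings of using deep packet inspection or deep flow inspection alone, and in light of the project's R&D environment, a relatively complete P2P traffic detection scheme is proposed and implemented. By fusing the two P2P detection algorithms so that each compensates for the other's weaknesses, it is able to detect the great majority of P2P traffic, whether known, unknown or transport-encrypted, and it adopts a strategy of processing known data flows first to safeguard communication quality as far as possible. Theoretical analysis and testing show that the scheme achieves line-rate P2P traffic detection on GE interfaces and fully meets the project's R&D requirements. The scheme has now been successfully applied in the enterprise-level border gateway system.

【English abstract】
Various applications based on P2P technology have been widely adopted and bring us many conveniences. Meanwhile, P2P has gradually evolved into an "assassin" of the broadband network: it constantly causes network jams, severely affects the quality of network services, and brings many potential safety hazards. Thus, whether highly efficient P2P flow management can be provided at the exit of the relevant network level has become one of the key factors in the sustained development of the Internet.

Based on the enterprise-level border gateway project, this paper targets two problems in the current development of P2P detection technology, high speed and application diversification, and discusses the development course of P2P technology and its detection technology. Through in-depth research and analysis of P2P protocols, it puts forward a P2P flow detection solution based on DPI and DFI and achieves its engineering implementation.

The main work of the paper is as follows:

It analyzes the current mainstream P2P protocols in depth and detail and extracts their characteristic strings.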
Then, to address the problem that current software-implemented detection methods cannot be applied in high-speed broadband network environments, the paper puts forward a TCAM-based P2P flow detection algorithm and, through hardware acceleration, achieves line-rate detection of P2P flows based on deep packet inspection in an enterprise-level network environment. The results demonstrate that this algorithm can precisely detect known P2P flows.

As to the problem that TCAM-based deep packet inspection cannot effectively detect new or transmission-encrypted P2P protocols, the paper puts forward a weighted P2P flow detection algorithm based on deep flow inspection, which applies the TCP/UDP method, the IP,Port method and the concurrent connection number method to examine flows separately, and comprehensively analyzes the results to identify P2P flows. It turns out that the DFI weighted P2P flow detection technology performs better in detection rate, false-detection rate and missed-detection rate than any single technique alone, and is capable of detecting transmission-encrypted P2P flows.

As to the problem that deep packet inspection and deep flow inspection each have deficiencies when applied alone, the paper, based on the R&D environment of the project, puts forward a relatively complete P2P flow detection solution and achieves its engineering implementation. It combines the two P2P detection algorithms so that each makes up for the other's deficiencies and is capable of detecting most known, unknown or transmission-encrypted P2P flows, and it adopts a strategy of processing known flows with priority to guarantee the best possible quality of communications. Theoretical analyses and tests reveal that this solution can accomplish line-rate P2P flow detection on GE interfaces, which completely meets the project's demands.
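At present, this solution has been successfully applied in the enterprise-level border gateway system.

【Keywords】P2P TCAM DPI DFI traffic detection

【English keywords】P2P TCAM DPI DFI Flow Detection

【Table of contents】
Research on P2P Traffic Detection Technology Based on DPI and DFI
Abstract (Chinese)
Abstract
Chapter 1 Introduction
  1.1 Research background
  1.2 Research significance
  1.3 Main work of this thesis
  1.4 Structure of this thesis
Chapter 2 Overview of P2P development and detection techniques
  2.1 Overview of P2P technology
  2.2 Development history of P2P technology
    2.2.1 First generation: the centralized P2P stage
    2.2.2 Second generation: the distributed P2P stage
    2.2.3 Third generation: the hybrid P2P stage
    2.2.4 The evolving fourth generation: P2P with an improved hybrid architecture
  2.3 Analysis of common P2P protocols
    2.3.1 Gnutella protocol
    2.3.2 eDonkey protocol
    2.3.3 BitTorrent protocol
    2.3.4 Kazaa protocol
    2.3.5 Skype protocol
  2.4 Main P2P detection techniques
    2.4.1 Port identification
    2.4.2 Characteristic-string identification
    2.4.3 Traffic-pattern identification
    2.4.4 Connection-pattern identification
    2.4.5 Comparison of existing identification methods
  2.5 Chapter summary
Chapter 3 Research on DPI-based P2P traffic detection
  3.1 P2P protocol characteristics
  3.2 State of research on DPI-based P2P traffic detection
  3.3 Introduction to TCAM memory
  3.4 A TCAM-based P2P traffic detection algorithm
    3.4.1 Algorithm principle
    3.4.2 Algorithm implementation
  3.5 Algorithm performance testing
  3.6 Chapter summary
Chapter 4 Research on DFI-based P2P traffic detection
  4.1 P2P traffic-characteristic detection methods
    4.1.1 TCP/UDP method
    4.1.2 IP,Port method
    4.1.3 Concurrent connection count method
  4.2 A DFI-based weighted P2P traffic detection algorithm
    4.2.1 Algorithm implementation
    4.2.2 Determining the weights and decision threshold
  4.3 Algorithm performance testing
  4.4 Chapter summary
Chapter 5 A P2P traffic detection scheme based on DPI and DFI
  5.1 System overview
  5.2 A P2P traffic detection scheme
    5.2.1 Scheme framework
    5.2.2 Performance optimization
    5.2.3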
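
The weighted DFI decision described in the abstract, sketched as an added example (not code from the thesis): three payload-free heuristics each vote, and a weighted sum is compared with a threshold. The weights, threshold, `MIN_PEERS`, the heuristic definitions (taken from their common descriptions in the literature) and the flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed integer weights and decision threshold; the thesis' values are not on this page.
WEIGHTS = {"tcp_udp": 4, "ip_port": 3, "conns": 3}
THRESHOLD = 5
MIN_PEERS = 5  # assumed minimum number of distinct peers for heuristics 2 and 3

def build_sample():
    """Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto)."""
    flows = [("10.0.0.5", 6881, "198.51.100.1", 6881, "udp")]
    for i in range(6):
        # One TCP connection per peer to the P2P host's listening port.
        flows.append((f"198.51.100.{i + 1}", 40000 + i, "10.0.0.5", 6881, "tcp"))
        # Three parallel TCP connections per client to a web server.
        for j in range(3):
            flows.append((f"203.0.113.{i + 1}", 50000 + 10 * i + j, "10.0.0.80", 80, "tcp"))
    return flows

def tcp_udp_hit(flows, host):
    """TCP/UDP method: host talks to some peer over both TCP and UDP."""
    protos = defaultdict(set)
    for src, _, dst, _, proto in flows:
        if host in (src, dst):
            protos[dst if src == host else src].add(proto)
    return any(p == {"tcp", "udp"} for p in protos.values())

def ip_port_hit(flows, host):
    """IP,Port method: a listening port sees about as many remote IPs as remote endpoints."""
    ips, endpoints = defaultdict(set), defaultdict(set)
    for src, sport, dst, dport, _ in flows:
        if dst == host:
            ips[dport].add(src)
            endpoints[dport].add((src, sport))
    return any(len(ips[k]) >= MIN_PEERS and len(endpoints[k]) - len(ips[k]) <= 1 for k in ips)

def conns_hit(flows, host):
    """Concurrent-connection method: host has flows with many distinct peers."""
    peers = {dst if src == host else src for src, _, dst, _, _ in flows if host in (src, dst)}
    return len(peers) >= MIN_PEERS

def dfi_score(flows, host):
    """Sum the weights of the heuristics that fire for this host."""
    checks = {"tcp_udp": tcp_udp_hit, "ip_port": ip_port_hit, "conns": conns_hit}
    return sum(WEIGHTS[name] for name, check in checks.items() if check(flows, host))

def is_p2p(flows, host):
    return dfi_score(flows, host) >= THRESHOLD

if __name__ == "__main__":
    sample = build_sample()
    for h in ("10.0.0.5", "10.0.0.80"):
        print(h, dfi_score(sample, h), is_p2p(sample, h))
```

In the constructed data the web server trips only the connection-count heuristic and stays under the threshold, which is the kind of single-heuristic false detection the combined decision is meant to suppress.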