P2P論文：基于DPI與DFI的P2P流量檢測(cè)技術(shù)研究

1、P2P論文：基于DPI和DFI的P2P流量檢測(cè)技術(shù)研究【中文摘要】基于P2P技術(shù)的各類應(yīng)用越來越廣泛,但在給大家?guī)矸奖愕耐瑫r(shí),已逐漸演變成為寬帶網(wǎng)絡(luò)的帶寬殺手,極易造成網(wǎng)絡(luò)擁堵,嚴(yán)重影響網(wǎng)絡(luò)服務(wù)質(zhì)量并存在諸多安全隱患。因此,在相應(yīng)層級(jí)的網(wǎng)絡(luò)出口能否提供高效的P2P流量管理成為網(wǎng)絡(luò)能否持續(xù)發(fā)展的關(guān)鍵要素之一。論文結(jié)合企業(yè)級(jí)邊界網(wǎng)關(guān)研發(fā)項(xiàng)目,針對(duì)當(dāng)前P2P檢測(cè)技術(shù)中遇到的帶寬高速化和應(yīng)用多樣化兩大難題,討論了P2P技術(shù)的發(fā)展歷程及檢測(cè)技術(shù),通過深入研究分析P2P協(xié)議,提出了一種基于DPI和DFI的P2P流量檢測(cè)方案,并予以工程實(shí)現(xiàn)。論文的主要工作如下:深入細(xì)致地分析了目前主流P2P協(xié)議,提取整理

2、出協(xié)議的特征字符串,并針對(duì)當(dāng)前軟件實(shí)現(xiàn)的檢測(cè)方法無法應(yīng)用于高速帶寬環(huán)境的問題,提出了一種基于TCAM的P2P流量檢測(cè)算法,通過硬件加速,實(shí)現(xiàn)了在企業(yè)級(jí)網(wǎng)絡(luò)環(huán)境下基于深度包檢測(cè)技術(shù)的P2P流量線速檢測(cè)。測(cè)試結(jié)果顯示,本算法可以精確地檢測(cè)出已知的P2P流量。針對(duì)基于TCAM深度包檢測(cè)技術(shù)無法有效檢測(cè)新型或傳輸加密P2P協(xié)議的問題,提出了一種基于深度流檢測(cè)技術(shù)的加權(quán)P2P流量檢測(cè)算法,通過運(yùn)用TCP/UDP法、IP,Port法、并發(fā)連接數(shù)法等三種識(shí)別技術(shù),分別對(duì)流量進(jìn)行檢測(cè),并根據(jù)綜合判決識(shí)別出P2P流量。測(cè)試結(jié)果顯示,基于DFI加權(quán)P2P流量檢測(cè)技術(shù)的檢出率、誤檢率及漏檢率明顯優(yōu)于單獨(dú)的識(shí)別技術(shù),

3、并且具備對(duì)傳輸加密的P2P流量檢測(cè)能力。針對(duì)單獨(dú)使用基于深度包檢測(cè)技術(shù)和基于深度流檢測(cè)技術(shù)存在一定缺陷的問題,結(jié)合項(xiàng)目研發(fā)環(huán)境,提出并工程實(shí)現(xiàn)了一種較完備的P2P流量檢測(cè)方案,通過融合兩種P2P檢測(cè)算法,實(shí)現(xiàn)取長補(bǔ)短,具備了對(duì)已知、未知及傳輸加密等絕大部分P2P流量的檢測(cè)能力,并采用一種已知數(shù)據(jù)流優(yōu)先處理的策略,最大限度地保證了通信質(zhì)量。理論分析和測(cè)試表明,本方案能在GE接口中實(shí)現(xiàn)線速P2P流量檢測(cè),完全滿足項(xiàng)目研發(fā)要求。目前,該方案已經(jīng)在企業(yè)級(jí)邊界網(wǎng)關(guān)系統(tǒng)中得到成功應(yīng)用?！居⑽恼縑arious applications based on P2P technology have been

4、widely adopted, which brings us many conveniences. Meanwhile, it gradually evolves into anassassinto the wide-band network, constantly brings on network jams, severely affects the quality of network services, brings out lots of potential safety hazards. Thus, high efficient P2P flow management measu

5、res to the relevant network level exit becomes one of the key factors to the maintaining development of the internet.Based on the project of the enterprise-level border gateway, this paper shoots the two problems, Hi-Speed and applying diversification, in current development of the P2P detection tec

6、hnology, and discusses the development course of P2P technology and its detecting technology. By a deeply research and analysis of P2P protocol, it brings forward a P2P flow detection solution based on DPI & DFI, achieves engineering implementation.The paper mainly discusses as follow:It deeply and

7、meticulously analyzed current main-stream P2P protocols, extracted characteristic strings from them. Then aiming at the problem that the current software implementing detection methods cannot be applied in hi-speed wide-band network environment, the paper put forward a detecting algorithm of the P2P

8、 flow based on TCAM, and achieved line-rate detection of P2P flow based on in-depth packet detection technology in enterprise-level network environment, by hardware acceleration. The results demonstrated that this algorithm could precisely detect the forgone P2P flows.As to the problem that the in-d

9、epth packet detection technology base on TCAM cannot effectively detect new or transmission-encrypted P2P protocols, the paper put forward a weighted P2P flow detecting algorithm base on in-depth flow detection technology, which applies TCP/UDP method , IP,Port method, co-current connection number m

10、ethod to separately detect flows, and comprehensively analyzes the results to identify P2P flows. It turns out that the DFI weighted P2P flow detection technology has a better performance in detection rate, false rate and missing rate than every single technology alone, and is capable of detecting t

11、he transmission-encrypted P2P flows. As to the problem that there is deficiency when detection technology based on in-depth packet or detection technology based on in-depth flow is applied alone, the paper based on the R&D environment of the project put forward a relatively advanced P2P flow detecti

12、on solution and achieved engineering implementation, combined two P2P detection algorithms to make up for each others deficiencies, had been capable of detecting most know, unknown or transmission-encrypted P2P flows, during which a strategy of known flows processed with priority was adopted to guar

13、antee the best quality of the communications. Theoretical analyses and tests reveal that this solution could accomplish line-rate P2P flow detection in GE interface, which completely meets the projects demands. At present, this solution has been successfully applied in the enterprise-level border ga

14、teway system.【關(guān)鍵詞】P2P TCAM DPI DFI 流量檢測(cè)【英文關(guān)鍵詞】P2P TCAM DPI DFI Flow Detection【目錄】基于DPI和DFI的P2P流量檢測(cè)技術(shù)研究摘要4-5Abstract5-6第一章 引言9-131.1 課題研究背景9-101.2 研究意義10-111.3 本文的主要工作111.4 本文的內(nèi)容結(jié)構(gòu)11-13第二章 P2P 發(fā)展及檢測(cè)技術(shù)概述13-252.1 P2P 技術(shù)概述13-142.2 P2P 技術(shù)發(fā)展歷程14-182.2.1 第一代：集中式P2P 階段15-162.2.2 第二代：分布式P2P 階段16-172.2.3 第三代：

15、混合式P2P 階段172.2.4 演進(jìn)中的第四代：改進(jìn)的混合架構(gòu)P2P17-182.3 常用P2P 協(xié)議分析18-212.3.1 Gnutella 協(xié)議18-192.3.2 eDonkey 協(xié)議192.3.3 BitTorrent 協(xié)議192.3.4 Kazaa 協(xié)議19-202.3.5 Skype 協(xié)議20-212.4 P2P 主要檢測(cè)技術(shù)21-242.4.1 端口識(shí)別法21-222.4.2 特征字符串識(shí)別法222.4.3 流量模式識(shí)別法22-232.4.4 連接模式識(shí)別法232.4.5 已有識(shí)別方法的比較23-242.5 本章小結(jié)24-25第三章 基于DPI 的P2P 流量檢測(cè)技術(shù)研究25-353.1 P2P 協(xié)議特征25-263.2 基于DPI 的P2P 流量檢測(cè)技術(shù)研究現(xiàn)狀263.3 TCAM 存儲(chǔ)器介紹26-283.4 一種基于TCAM 的P2P 流量檢測(cè)算法28-313.4.1 算法原理28-293.4.2 算法具體實(shí)現(xiàn)29-313.5 算法性能測(cè)試31-333.6 本章小結(jié)33-35第四章 基于DFI 的P2P 流量檢測(cè)技術(shù)研究35-464.1 P2P 流量特征檢測(cè)方法35-364.1.1 TCP / UDP 法354.1.2 IP，Port法35-364.1.3 并發(fā)連接數(shù)法364.2 一種基于DFI 的加權(quán)P2P 流量檢測(cè)算法36-434.2.1 算法具體實(shí)