P2P 流量识别

doi:10.3724/SP.J.1001.2011.03995

微信服务号

微信订阅号

2025年3月24日 11:28 星期一

首页 > 过刊浏览>2011年第22卷第6期 >1281-1298. DOI:10.3724/SP.J.1001.2011.03995

PDF HTML阅读 XML下载导出引用引用提醒

P2P 流量识别
DOI:
                        10.3724/SP.J.1001.2011.03995
                    
CSTR:
                        
                    
作者:
                        鲁刚鲁刚
哈尔滨工业大学 计算机科学与技术学院,黑龙江 哈尔滨 150001;哈尔滨工业大学 国家计算机信息内容安全重点实验室,黑龙江 哈尔滨 150001
在期刊界中查找
在百度中查找
在本站中查找
张宏莉张宏莉
哈尔滨工业大学 计算机科学与技术学院,黑龙江 哈尔滨 150001;哈尔滨工业大学 国家计算机信息内容安全重点实验室,黑龙江 哈尔滨 150001
在期刊界中查找
在百度中查找
在本站中查找
叶麟叶麟
哈尔滨工业大学 计算机科学与技术学院,黑龙江 哈尔滨 150001;哈尔滨工业大学 国家计算机信息内容安全重点实验室,黑龙江 哈尔滨 150001
在期刊界中查找
在百度中查找
在本站中查找

                    
作者单位:
作者简介:
通讯作者:
中图分类号:
基金项目:国家自然科学基金(60903166); 国家重点基础研究发展计划(973)(2007CB311101); 国家高技术研究发展计划(863)(2010AA012504); 新世纪优秀人才支持计划(NCET-07-0245)

P2P Traffic Identification

Author:

LU Gang
LU Gang
School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China; State Key Laboratory of Computer Information Content Security, Harbin Institute of Technology, Harbin 150001, China
在期刊界中查找
在百度中查找
在本站中查找
ZHANG Hong-Li
ZHANG Hong-Li
School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China; State Key Laboratory of Computer Information Content Security, Harbin Institute of Technology, Harbin 150001, China
在期刊界中查找
在百度中查找
在本站中查找
YE Lin
YE Lin
School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China; State Key Laboratory of Computer Information Content Security, Harbin Institute of Technology, Harbin 150001, China
在期刊界中查找
在百度中查找
在本站中查找

Affiliation:

Fund Project:

摘要

图/表

访问统计

参考文献 [69]

相似文献 [20]

引证文献

资源附件

文章评论

摘要:

P2P 流量的迅猛增长加剧了网络拥塞状况,P2P 流量识别为网络管理提供了基本的技术支持.首先介绍了P2P 流量的类别及流量识别面临的主要困难,然后综述了P2P 流量识别的主要技术及研究进展,最后给出下一步的主要研究方向.

关键词:对等网络;端口识别;深层数据包检测;机器学习;网络行为

Abstract:

The rapid increase of P2P traffic worsens the congestion of network while P2P traffic identification becomes the basic technical support for network management. The types of P2P traffic and main challenges of traffic identification are introduced first. Next, the main techniques and research progresses of P2P traffic identification are summarized. Finally, the future trend is put forward.

Key words:peer-to-peer (P2P) network; port identification; deep packet inspection; machine learning; network behavior

参考文献

[1] Mochalski K, Schulze H. Ipoque internet study 2008/2009. 2009. http://www.ipoque.com/resources/internet-studies/internet-study-2008_2009

[2] MacManus R. Trend watch: P2P traffic much bigger than Web traffic. 2006. http://www.readwriteweb.com/archives/p2p_growth_trend_watch.php

[3] Sun X, Torres R, Rao S. Preventing DDOS attacks on Internet servers exploiting P2P systems. Computer Networks, 2010,54(15): 2756?2774. [doi: 10.1016/j.comnet.2010.05.021]

[4] CAIDA. Internet traffic classification. 2009. http://www.caida:research/traffic-analysis/classification-overview/#P-47

[5] Erman J, Mahanti A, Arlitt MF. Byte me: A case for byte accuracy in traffic classification. In: Sen S, Sahu S, eds. Proc. of the 3rd Annual ACM Workshop on Mining Network Data (MineNet 2007). New York: ACM Press, 2007. 35?37. [doi: 10.1145/1269880.1269890]

[6] Bleul H, Rathgeb EP, Zilling S. Advanced P2P multiprotocol traffic analysis based on application level signature detection. In: Proc. of the Telecommunications Network Strategy and Planning. New Delhi: IEEE Computer Society, 2006. 1?6. [doi: 10.1109/NETWKS.2006.300369]

[7] Sen S, Spatscheck O, Wang DM. Accurate, scalable in-network identification of P2P traffic using application signatures. In: Feldman S, Uretsky M, Najork M, Wills C, eds. Proc. of the 13th Int’l Conf. on World Wide Web (WWW 2004). New York: ACM Press, 2004. 512?521. [doi: 10.1145/988672.988742]

[8] Haffner P, Sen S, Spatscheck O, Wang DM. ACAS: Automated construction of application signatures. In: Sen S, Ji C, Saha D, McCloskey J, eds. Proc. of the 2005 ACM SIGCOMM Workshop on Mining Network Data (MineNet 2005). New York: ACM Press, 2005. 197?202. [doi: 10.1145/1080173.1080183]

[9] Liu XB, Yang JH, Xie GG, Hu Y. Automated mining of packet signatures for traffic identification at application layer with apriori algorithm. Journal on Communications, 2009,29(12):51?59 (in Chinese with English abstract).

[10] Park BC, Won YJ, Kim MS, Hong JW. Towards automated application signature generation for traffic identification. In: Brunner M, Westphall CB, Granville LZ, eds. Proc. of the Network Operations and Management Symp. (NOMS). Salvador: IEEE Press, 2008. 160?167. [doi: 10.1109/NOMS.2008.4575130]

[11] AceNet. The appalachian center for economic networks. 2009. http://acenettech.com/

[12] Qosmos. Deep packet inspection and network intelligence tools. 2010. http://www.qosmos.com/

[13] L7-filter supported protocols. 2009. http://l7-filter.sourceforge.net/protocols

[14] Snort. Network intrusion prevention and detection system. 2010. http://www.snort.org

[15] Aceto G, Dainotti A, Donato W, Pescapé A. PortLoad: Taking the best of two worlds in traffic classification. In: Proc. of the INFOCOM IEEE Conf. on Computer Communications Workshops. San Diego: IEEE Press, 2010. 1?5. [doi: 10.1109/INFCOMW.2010.5466645]

[16] CNNIC. The statistical survey report on Internet developing in China. 2009 (in Chinese). http://www.cernet.com/news/chinacngi.pdf

[17] Zhao R. The research and implementation of P2P traffic identification based on feature string [MS. Thesis]. Chengdu: University of Electronic Science and Technology of China, 2009 (in Chinese with English abstract).

[18] Li WN, E YP, Ge JG, Qian HL. Multi-Pattern matching algorithms and hardware based implementation. Journal of Software, 2006, 17(12):2403?2415 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/17/2403.htm [doi: 10.1360/jos172403]

[19] Tan JL. String matching algorithm and application of network content analysis [Ph.D. Thesis]. Beijing: Graduate University of the Chinese Academy of Sciences, 2003 (in Chinese with English abstract).

[20] Cormen TH, Leiserson CE, Wrote; Pan JG, Gu TC, Li CF, Ye M, Trans. Introduction to Algorithms. 2nd ed., Beijing: China Machine Press, 2008. 557?568 (in Chinese).

[21] Navarro G, Raffinot M, Wrote; Network Information Security Research Center in Institute of Computing Technology, Trans. Flexible Pattern Matching in Strings. Beijing: Publishing House of Electronics Industry, 2007. 13?68 (in Chinese).

[22] Smith R, Estan C, Jha S, Kong SJ. Deflating the big bang: Fast and scalable deep packet inspection with extended finite automata. In: Bahl V, Wetherall D, Savage S, Stoica I, eds. Proc. of the ACM SIGCOMM 2008 Conf. on Data Communication (SIGCOMM 2008). New York: ACM Press, 2008. 207?218. [doi: 10.1145/1402958.1402983]

[23] Guo ZB, Qiu ZD. Identification of BitTorrent traffic for high speed network using packet sampling and application signatures. Journal of Computer Research and Development, 2008,45(2):227?236 (in Chinese with English abstract).

[24] Xu K, Zhang M, Ye MJ, Chiu DM, Wu JP. Identify P2P traffic by inspecting data transfer behavior. Journal of Computer Communications, 2010,33(10):1141?1150. [doi: 10.1016/j.comcom.2010.01.005]

[25] Risso F, Baldi M, Morandi O, Baldini A, Monclus P. Lightweight, payload-based traffic classification: An experimental evaluation. In: Sun L, Zhang JW, Wang YG, eds. Proc. of the IEEE Int’l Conf. on Communications (ICC 2008). Beijing: IEEE Press, 2008. 5869?5875. [doi: 10.1109/ICC.2008.1097]

[26] Teufl P, Payer U, Amling M, Godec M, Ruff S, Scheikl G, Walzl G. InFeCT—Network traffic classification. In: Bi J, Gyires T, eds. Proc. of the 7th Int’l Conf. on Networking (ICN). Cancun: IEEE Computer Society, 2008. 439?444. [doi: 10.1109/ICN.2008.42]

[27] Perényi M, Molnár S. Enhanced skype traffic identification. In: Proc. of the 2nd Int’l Conf. on Performance Evaluation Methodologies and Tools (Valuetools 2007). Brussels: ICST Press, 2007. 1?9.

[28] Bonfiglio D, Mellia M, Meo M, Rossi D, Tofanelli P. Revealing skype traffic: When randomness plays with you. ACM SIGCOMM Computer Communication Review, 2007,37(4):37?48.

[29] Yang AM, Jiang SY, Deng H. A P2P network traffic classification method using SVM. In: Wang GJ, Chen J, eds. Proc. of the 9th Int’l Conf. for Young Computer Scientists (ICYCS 2008). IEEE Computer Society, 2008. 398?403. [doi: 10.1109/ICYCS.2008.247]

[30] Este A, Gringoli F, Salgarelli L. On the stability of the information carried by traffic flow features at the packet level. ACM SIGCOMM Computer Communication Review, 2009,39(3):13?18. [doi: 10.1145/1568613.1568616]

[31] Este A, Gringoli F, Salgarelli L. Support vector machines for TCP traffic classification. Computer Networks, 2009,53(14): 2476?2490. [doi: 10.1016/j.comnet.2009.05.003]

[32] Roughan M, Sen S, Spatscheck O, Duffield N. Class-of-Service mapping for QoS: A statistical signature-based approach to IP traffic classification. In: Lombardo A, Kurose J, eds. Proc. of the 4th ACM SIGCOMM Conf. on Internet Measurement. Sicily: ACM Press, 2004. 135?148. [doi: 10.1002/scj.20283]

[33] Mori T, Uchida M, Goto S. Flow analysis of Internet traffic: World Wide Web versus peer-to-peer. Journal Systems and Computers in Japan, 2005,36(11):70?81.

[34] Basher N, Mahanti A, Williamson C, Arlitt M, Mahanti A,. A comparative analysis of Web and peer-to-peer traffic. In: Huai JP, Chen R, Hon HW, eds. Proc. of the 17th Int’l Conf. on World Wide Web. New York: ACM Press, 2008. 287?296. [doi: 10.1145/1367497.1367537]

[35] Chen QZ, Shao B, Chen C. Design and implementation of P2P traffic identification system based on compound characteristics. Journal of Southest University (natural science edition), 2008,38(S1):109?113 (in Chinese with English abstract).

[36] Moore AW, Zuev D. Internet traffic classification using bayesian analysis techniques. ACM SIGMETRICS Performance Evaluation Review, 2005,33(1):50?60. [doi: 10.1145/1071690.1064220]

[37] Li W, Canini M, Moore AW, Bolla R. Efficient application identification and the temporal and spatial stability of classification schema. Computer Networks, 2009,53(6):790?809. [doi: 10.1016/j.comnet.2008.11.016]

[38] Erman J, Mahanti A, Arlitt M, Cohen I, Williamson C. Offline/Realtime traffic classification using semi-supervised learning. Performance Evaluation, 2007,64(9-12):1194?1213. [doi: 10.1016/j.peva.2007.06.014]

[39] Chhabra P, John A, Saran H. PISA: Automatic extraction of traffic signatures. In: Boutaba R, Almeroth K, Puigjaner R, Shen S, eds. Proc. of the 4th Int’l IFIP-TC6 Networking Conf. Ontario, Heidelberg: Springer-Verlag, 2005. [doi: 10.1007/11422778_59]

[40] Erman J, Mahanti A, Arlitt M, Williamson C. Identifying and discriminating between Web and peer-to-peer traffic in the network core. In: Williamson C, Zurko ME, eds. Proc. of the 16th Int’l Conf. on World Wide Web (WWW 2007). New York: ACM Press, 2007. 883?892. [doi: 10.1145/1242572.1242692]

[41] Jiang H, Moore AW, Ge ZH, Jin SD, Wang J. Lightweight application classification for network management. In: Proc. of the 2007 SIGCOMM Workshop on Internet Network Management (INM 2007). New York: ACM Press, 2007. 299?304. [doi: 10.1145/1321753.1321771]

[42] Pietrzyk M, Costeux JL, Urvoy-Keller G, En-Najjary T. Challenging statistical classification for operational usage: The ADSL case. In: Feldmann A, Mathy L, eds. Proc. of the 9th ACM SIGCOMM Conf. on Internet Measurement Conf. (IMC 2009). New York: ACM Press, 2009. 122?135. [doi: 10.1145/1644893.1644908]

[43] McGregor A, Hall M, Lorier P, Brunskill J. Flow clustering using machine learning techniques. In: Barakat C, Pratt I, eds. Proc. of the Passive and Active Network Measurement (PAM). LNCS 3015, Heidelberg: Springer-Verlag, 2004. 205?214. [doi: 10.1007/978-3-540-24668-8_21]

[44] Zander S, Nguyen T, Armitage G. Automated traffic classification and application identification using machine learning. In: Hassanein H, Waldvogel M, eds. Proc. of the IEEE Conf. on Local Computer Networks (LCN 2005). Sydney: IEEE Computer Society Press, 2005. 250?257. [doi: 10.1109/LCN.2005.35]

[45] Bernaille L, Teixeira R, Akodkenou I, Soule A, Salamatian K. Traffic classification on the fly. ACM SIGCOMM Computer Communication Review, 2006, 36(2):23?26. [doi: 10.1145/1129582.1129589]

[46] Bernaille L, Teixeira R, Salamatian K. Early application identification. In: Diot C, Ammar M, eds. Proc. of the 2006 ACM CoNEXT Conf. New York: ACM Press, 2006. 1?12. [doi: 10.1145/1368436.1368445]

[47] Shu X, Yang JH, Zhang DF, Xie GG. Compare and analysis of clustering algorithms oriented traffic identification system. Computing Technology and Automation, 2008,27(3):1?6 (in Chinese with English abstract).

[48] Erman J, Arlitt M, Mahanti A. Traffic classification using clustering algorithms. In: Proc. of the 2006 SIGCOMM Workshop on Mining Network Data (MineNet 2006). New York: ACM Press, 2006. 281?286. [doi: 10.1145/1162678.1162679]

[49] Xu P, Liu Q, Lin S. Internet traffic classification using support vector machine. Journal of Computer Research and Development, 2009,46(3):407?414 (in Chinese with English abstract).

[50] Xu P, Lin S. Internet traffic classification using C4.5 decision tree. Journal of Software, 2009,20(10):2692?2704 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/20/2692.htm [doi:10.3724/SP.J.1001.2009.03444]

[51] Soysal M, Schmidt EG. Machine learning algorithms for accurate flow-based network traffic classification: Evaluation and comparison. Performance Evaluation, 2010,67(6):451?467. [doi: 10.1016/j.peva.2010.01.001]

[52] Williams N, Zander S, Armitage G. A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification. ACM SIGCOMM Computer Communication Review, 2006,36(5):5?15. [doi: 10.1145/1163593.1163596]

[53] Zhu XJ. Semi-Supervised learning literature survey. 2008. http://pages.cs.wisc.edu/~jerryzhu/pub/ssl_survey_7_19_2008.pdf

[54] Qian F, Hu GM, Yao XM. Semi-Supervised Internet network traffic classification using a Gaussian mixture model. AEU—Int’l Journal of Electronics and Communications, 2008,62(7):557?564. [doi: 10.1016/j.aeue.2007.07.006]

[55] Peng LZ, Zhang HL, Yang B, Chen YH, Qassrawi MT, Lu G. Traffic identification using flexible neural trees. In: Proc. of the 18th Int’l Workshop on Quality of Service (IWQOS). Beijing, 2010. 1?5. [doi: 10.1109/IWQoS.2010.5542729]

[56] Lu G, Zhang HL, Sha XF, Chen C, Peng LZ. TCFOM: A robust traffic classification framework based on OC-SVM combined MC-SVM. In: E.Guerrero J, ed. Proc. of the Int’l Conf. on Communications and Intelligence Information Security (ICCIIS). Nanning: IEEE Computer Society, 2010. 180?186. [doi: 10.1109/ICCIIS.2010.57]

[57] Karagiannis T, Broido A, Faloutsos M, claffy K. Transport layer identification of P2P traffic. In: Lombardo A, Kurose J, eds. Proc. of the 4th ACM SIGCOMM Conf. on Internet Measurement. New York: ACM Press, 2004. [doi: 10.1145/1028788.1028804]

[58] Constantinou F, Mavrommatis PBI. Identifying known and unknown peer-to-peer traffic. In: Bilof R, ed. Proc. of the 5th IEEE Int’l Symp. on Network Computing and Applications. New York: IEEE Computer Society, 2006. 93?102. [doi: 10.1109/NCA. 2006.34]

[59] Karagiannis T, Papagiannaki K, Faloutsos M. BLINC: Multilevel traffic classification in the dark. In: Guerin R, Govindan R, Minshall G, eds. Proc. of the 2005 Conf. on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM 2005). New York: ACM Press, 2005. [doi: 10.1145/1080091.1080119]

[60] Stutzbach D, Rejaie R. Understanding Churn in peer-to-peer networks. In: Almeida J, Almeida V, Barford P, eds. Proc. of the 6th ACM SIGCOMM Conf. on Internet Measurement (IMC 2006). New York: ACM Press, 2006. 189?202. [doi: 10.1145/1177080.1177105]

[61] Zhang YX, Yang D, Zhang HK. Research on Churn problem in P2P networks. Journal of Software, 2009,20(5):1362?1376 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/20/1362.htm [doi: 10.3724/SP.J.1001.2009.03485]

[62] Zhou LJ. The research on identification of P2P streaming traffic [Ph.D. Thesis]. Wuhan: Huazhong University of Science and Teehnology, 2008 (in Chinese with English abstract).

[63] Xu P, Liu Q, Lin S. An improved transport layer identification of peer-to-peer traffic. Journal of Computer Research and Development, 2008,45(5):794?802 (in Chinese with English abstract).

[64] Gallagher B, Iliofotou M, Eliassi-Rad T, Faloutsos M. Link homophily in the application layer and its usage in traffic classification. In: Proc. of the INFOCOM. San Diego: IEEE, 2010. 1?5. [doi: 10.1109/INFCOM.2010.5462239]

[65] Madhukar A, Williamson CL. A longitudinal study of P2P traffic classification. In: Ceballos S, ed. Proc. of the 14th IEEE Int’l Symp. on Modeling, Analysis, and Simulation. Washington: IEEE Computer Society Press, 2006. 179?188. [doi: 10.1109/MASCOTS. 2006.6]

[66] Kim H, Claffy KC, Fomenkov M, Barman D, Faloutsos M, Lee K. Internet traffic classification demystified: Myths, caveats, and the best practices. In: Azcorra A, Veciana G, eds. Proc. of the 2008 ACM CoNEXT Conf. New York: ACM Press, 2008. 1?12.

[67] Zhao Y, Yao QL, Zhang ZB, Guo L, Fang BX. TPCAD: A text-oriented multi-protocol inference approach. Journal on Communications, 2009,30(10): 28?35 (in Chinese with English abstract).

[68] Chen ZX. The research on Internet traffic identification methods with scale adatability [Ph.D. Thesis]. Ji’nan: Shandong University, 2008 (in Chinese with English abstract).

[69] Keralapura R, Nucci A, Chuah C. Self-Learning peer-to-peer traffic classifier. In: Proc. of the Int’l Conf. on Computer Communications and Networks (ICCCN). San Francisco: IEEE Press, 2009. 1?8. [doi: 10.1109/ICCCN.2009.5235313]

引用本文

鲁刚,张宏莉,叶麟. P2P 流量识别.软件学报,2011,22(6):1281-1298

复制

文章指标

点击次数:9595
下载次数: 14986
HTML阅读次数: 0
引用次数: 0

历史

收稿日期:2010-09-25
最后修改日期:2010-12-23
录用日期:
在线发布日期:
出版日期:

微信服务号

微信订阅号

引用本文

分享

文章指标

历史

文章二维码

微信服务号

微信订阅号

引用本文

分享

微信扫一扫：分享

文章指标

历史

文章二维码