ISSN 1000-1239 CN 11-1777/TP

• 论文 • 上一篇    下一篇

改进的对等网络流量传输层识别方法

徐 鹏 刘 琼 林 森   

  1. (中国科学院软件研究所 北京 100190) (中国科学院研究生院 北京 100049) (xupeng03@ios.cn)
  • 出版日期: 2008-05-15

An Improved Transport Layer Identification of PeertoPeer Traffic

Xu Peng, Liu Qiong, and Lin Sen   

  1. (Institute of Software, Chinese Academy of Sciences, Beijing 100190) (Graduate University of Chinese Academy of Sciences, Beijing 100049)
  • Online: 2008-05-15

摘要: P2P(peer to peer) 流量识别问题是近年来网络测量研究中的热点问题.基于传输层行为的P2P流量识别方法不依赖P2P应用的特征字段,具有良好的可扩展性.然而网络应用的传输层行为通常极易受网络环境的影响,因此基于传输层行为的P2P流量识别方法在国内外不同的网络环境中,其准确性存在较大的差异.为了弥补现有P2P流量传输层识别方法在国内网络环境中的不足,提出了3条改进策略:1)基于非P2P知名端口的过滤机制;2)基于有效数据流的计数机制;3)基于反向流的FTP过滤机制.随后,在国内网络流量记录上验证了上述改进策略的有效性.实验结果表明,改进后的传输层识别方法,其P2P流识别准确率和P2P字节识别准确率分别接近95%和99%.最后,在国内率先使用改进的P2P流量传输层识别方法对中国教育科研网的骨干网流量记录进行了分析. 测量结果表明,国内骨干网上P2P流量所占的比例已经由过去的0.76%上升到70%左右.

关键词: 网络测量, 对等网络, 流量识别, 传输层, 网络行为

Abstract: Peer to peer (P2P) traffic identification is a hot topic in network measurement in recent years. The identification method based on P2P traffic transport layer behavior has good scalability, because it is independent of the signature strings of P2P application. But the network application’s behavior in transport layer is easy to be affected by network environment, so there is a great difference in the accuracy of this identification method between domestic and overseas network environment. In order to improve the existing transport layer identification method in domestic network environment, three proposals are offered in this paper. The first is a filtering mechanism based on nonP2P known port. The second is a counting mechanism using data flow. The third is an FTP flow filtering mechanism using reversed flow. Then, these proposals are validated using the domestic traces. The result of experiments indicates that the flow accuracy and bytes accuracy of the improved P2P traffic transport layer identification method approach 95% and 99% respectively. Finally, this improved method is firstly used to analyze the trace of the Internet backbone in China Education and Research Network. The result of measurement shows that the volume of P2P traffic increases from 0.76% roughly to 70% of the total traffic in the backbone.

Key words: network measurement, peer to peer, traffic identification, transport layer, network behavior