导　　师： 沈富可

学科专业： H1201

授予学位： 硕士

作　　者： ;

机构地区： 华东师范大学

摘　　要： 近几年来，p2p(peer-to-peer，对等网络)作为一项全新的网络技术飞速发展。有关调查表明，p2p业务已悄然占据了互联网业务总量的60％～80％，成为杀手级宽带互联网应用。p2p业务不断增加，造成了网络带宽的巨大消耗，甚至引起网络拥塞，降低其它业务的性能。另一方面对于企业用户来说，内部员工利用企业网上网听音乐或收看流式媒体造成了巨大的it资源浪费；而通过并不安全的网络环境获得的应用程序和p2p协议，将可能为企业安全防护打开一扇后窗，使得病毒和恶意代码得以躲过安全审查潜入企业内部网络。因此，实现p2p流量的有效识别已经成为急需解决的问题。 早期的时候使用端口扫描的方法来识别使用预先定义的端口号的p2p流量识别。近来，s．sen和a．w．moore将应用层签名匹配的方法用于p2p流识别，这种方法从包的载荷中提取应用层签名然后与已知的p2p应用签名数据库中的值进行匹配。而t．karagiannis和a．w．more对p2p流量行为进行分析，得出一些规律，使用这些规律识别p2p流量。然而新一代的p2p应用可以使用任意的端口号来避开固定端口阻塞，而且越来越多的p2p应用开始加密它们的流量来穿越应用层签名匹配。所以p2p流量识别变得越来越难。我们需要找出一种健壮、准确率高的p2p流量发现的方法。 本文从p2p流识别的工作原理与实现机制入手，研究分析了p2p流识别中存在的问题和实现有效的p2p流识别方案需要的技术，并在此基础上做了以下工作： 1、研究分析了当前存在的几种p2p流识别方案的工作原理，以及其在p2p流识别过程中的特点和存在的问题。 2、在分析了当前p2p流识别方案的实现原理和特点的基础上，对应用层签名匹配方法进行改进，给出使用新的流量特征的基于bp神经网络的流识别器，然后使用了一种结合改进的应用层签名匹配方法和基于bp神经网络的流识别器的p2p流识别方案，克服了当前的几种p2p流识别方案的缺点有效的提高了p2p流的识别率和识别的速度。 3、为了对本文提出的p2p流识别方案进行验证，使用当前流行的建模工具matlab首先实现了一个用于p2p流识别的bp神经网络，继而在此基础上实现了本文提出的p2p流识别方案。 4、针对该matlab环境下的实现，对结合dpi(深度数据包检测)方法与bp神经网络流量识别器p2p流识别方案的有效性进行了实验验证，并对该方案的性能进行了实验分析。 Recent years, P2P /(peer-to-peer/), as a bran-new technology, has developed whip and spur. Interrelated investigation indicates that P2P traffic has taken up 60/% to 80/% of the total Internet traffic stealthily, it became the killer application of Broad Band Internet. P2P operation has increased constantly, it consumes network bandwidth hugely, arouses congestion of network and reduce the performance of other operations. On the other hand, for the enterprise user, inner employees use enterprise network to listen music or watch Streaming Media on the internet, this makes tremendous waste of network resource. Further more, using not safely network environment to get application program and P2P protocol may open up a back door of enterprise safety, make viruses and baleful codes able to stand aside safety check up and enter into the corporation. So, the implementation of identify P2P traffic has become a problem need to be resolved immediately. Forepart, people use port scan to. identify P2P flow which with pre-defined port number. Recently, S. Seir~/(/[1/]/) and W. Moore~/(/[2/]/) applied the application signature matching method to P2P traffic identification. The application signature matching method cramps out application signature from packets' payload and matches it with the known P2P application signature in the database. T. Karagiannis~/(/[3/]/) and A. W. More~/(/[4/]/) analyzed P2P traffic behavior and got some disciplinarians. They used these rules to identify P2P traffic. Since new generation P2P application can use arbitrary port number to avoid fixed-port block and use payload encryption to avoid P2P application signature detection, the identification of P2P traffic becomes more and more difficult. We need to find a robust and accurate P2P traffic identification scheme. So in this paper, we begin with the operating principle of P2P traffic identification. Then, we analyze the problem in the identification of P2P traffic and the needed technology to realize the effective P2P traffic identification scheme. The works this paper has done list as follows: a/) Researched several kind of present solutions in P2P flow identification, analyze their features and problems in the identification process. b/) We modified application signature matching method and proposed a Back-propagation Neural Network traffic recognizer using new traffic behaviors.Put forward a P2P traffic identification resolution based on modified application signature matching and traffic recognizer using Back-propagation Neural Network, which overcome the disadvantages of present solutions in P2P traffic identification. So it has efficiently improved the recognition rate and pace of P2P flow identification. c/) In order to test the new P2P traffic identification solution, this paper designed and implemented a Back-propagation Neural Network for traffic recognizer in the popular modeling software MATLAB, and then designed and implemented the P2P flow identification solution on it. d/) Proved the validity of the new solution based on Deep Packet Inspection and traffic recognizer using Back-propagation Neural Network, analyzed its scalability on our test environment based on MATLAB.

关 键 词： 对等网络 流识别 深度数据包检测 神经网络

分 类 号： [TP393.07 TP183]

领　　域： [自动化与计算机技术] [自动化与计算机技术] [自动化与计算机技术] [自动化与计算机技术]