本文選題：對等網(wǎng) + 流量識別　； 參考：《曲阜師范大學》2014年碩士論文

【摘要】：對等網(wǎng)絡特有的資源共享方式，使得P2P流量增長迅速。P2P技術已經(jīng)應用到互聯(lián)網(wǎng)服務的各個領域，主要包括文件共享、流媒體播放、分布式計算、游戲娛樂等。事實表明，P2P流量已經(jīng)占用了大部分帶寬，甚至造成了網(wǎng)絡擁塞；并且，由于P2P應用的廣泛性和隱蔽性，使得不少非法節(jié)點產(chǎn)生的惡意流量加劇了帶寬的消耗，甚至出現(xiàn)拒絕服務攻擊。因此，精確高效地識別P2P流量成為對其監(jiān)督和控制的一大關鍵問題，對于保障互聯(lián)網(wǎng)安全具有重要意義。 本文詳細分析了幾類P2P流量識別方法，如端口識別方法通過驗證端口號來完成P2P流量識別；深度數(shù)據(jù)包識別方法根據(jù)匹配負載特征來識別P2P流量；行為特征識別方法依據(jù)提取到的流量特征來識別P2P應用；機器學習和概率統(tǒng)計識別法通過對樣本的統(tǒng)計學習得到分類器，使用分類器來對P2P流量進行精確識別。在上述識別方法的基礎上，深入研究了行為特征識別法，提出了兩種新的流量行為特征分析方法，使得識別的精確度得以提升；并且根據(jù)對機器學習和概率統(tǒng)計識別方法的深入分析，在云計算環(huán)境下提出并實現(xiàn)了解決單機環(huán)境下處理大數(shù)據(jù)集問題的解決方案，主要工作如下： (1)由于P2P軟件普遍采用動態(tài)端口以及負載加密技術，使得基于傳輸層端口和深度包檢測技術的P2P網(wǎng)絡流量識別方法受到限制。通過對P2P流量的分析發(fā)現(xiàn)其具有兩種特性：一是P2P節(jié)點具有雙面性特征，，即P2P節(jié)點可以同時上傳下載數(shù)據(jù)；二是P2P流量的正向流與反向流包到達時間間隔方差比始終在一定區(qū)間內(nèi)波動。由此提出基于節(jié)點及流量行為特征的P2P流量識別方法，并將其應用于網(wǎng)絡流量監(jiān)測中。實驗表明：該方法可識別新應用及加密流量，其流識別率為93%，字節(jié)識別率為95.5%。 (2)由于內(nèi)存限制使得單機環(huán)境下的P2P流量識別方法只能對小規(guī)模數(shù)據(jù)集進行處理，并且基于樸素貝葉斯分類的識別方法所使用的屬性特征均為人工選擇，因此，識別率受到了限制并且缺乏客觀性。基于對以上問題的分析，提出了云計算環(huán)境下的樸素貝葉斯分類算法并改進了在云計算環(huán)境下屬性約簡算法，結合這兩個算法實現(xiàn)了對加密P2P流量的細粒度識別。實驗結果表明該方法可以高效處理大數(shù)據(jù)集網(wǎng)絡流量，并且有很高的P2P流量識別率，結果也具備客觀性。
[Abstract]:Peer-to-peer network resource sharing makes P2P traffic grow rapidly. P2P technology has been applied to various fields of Internet services, including file sharing, streaming media play, distributed computing, game entertainment and so on. The fact shows that P2P traffic has occupied most of the bandwidth and even caused network congestion. Moreover, due to the universality and concealment of P2P applications, the malicious traffic generated by many illegal nodes has increased the bandwidth consumption. There is even a denial of service attack. Therefore, accurate and efficient identification of P2P traffic becomes a key issue in monitoring and control of P2P traffic, and it is of great significance to ensure Internet security. In this paper, several kinds of P2P traffic identification methods are analyzed in detail, such as port identification method to verify port number to complete P2P traffic identification, depth packet identification method to identify P2P traffic according to matching load characteristics. Behavior feature recognition method identifies P2P applications according to extracted traffic features. Machine learning and probabilistic statistical identification method obtain classifiers through statistical learning of samples and use classifiers to identify P2P traffic accurately. On the basis of the above identification methods, the behavior feature recognition method is deeply studied, and two new traffic behavior feature analysis methods are proposed, which can improve the accuracy of identification. Based on the in-depth analysis of machine learning and probabilistic statistical identification methods, a solution to the big data set problem in a single computer environment is proposed and implemented in the cloud computing environment. The main work is as follows: Because P2P software generally uses dynamic port and load encryption technology, P2P network traffic identification method based on transport layer port and depth packet detection technology is limited. Based on the analysis of P2P traffic, it is found that P2P nodes have two characteristics: one is that P2P nodes can upload and download data at the same time; The other is that the variance ratio of the arrival time interval between the forward flow and the reverse flow always fluctuates in a certain range. A P2P traffic identification method based on node and traffic behavior is proposed and applied to network traffic monitoring. The experimental results show that this method can recognize new applications and encrypted traffic. The recognition rate of stream is 933 and the rate of byte recognition is 95.55. 2) because of memory limitation, P2P traffic identification method in single computer environment can only deal with small-scale data sets, and the attribute features used in the recognition method based on naive Bayesian classification are all manually selected. Recognition rates are limited and lack of objectivity. Based on the analysis of the above problems, the naive Bayes classification algorithm in cloud computing environment is proposed, and the attribute reduction algorithm in cloud computing environment is improved. Combining these two algorithms, the fine-grained identification of encrypted P2P traffic is realized. Experimental results show that this method can efficiently deal with big data network traffic, and has a high P2P traffic recognition rate, and the results are objective.
【學位授予單位】：曲阜師范大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.02

【參考文獻】

相關期刊論文 前10條

1 方瑩;;基于應用層簽名特征的P2P流量識別[J];計算機工程與應用;2012年03期

2 錢進;苗奪謙;張澤華;;云計算環(huán)境下知識約簡算法[J];計算機學報;2011年12期

3 王中鋒;王志海;;基于條件對數(shù)似然函數(shù)導數(shù)的貝葉斯網(wǎng)絡分類器優(yōu)化算法[J];計算機學報;2012年02期

4 陳昊;楊俊安;莊鎮(zhèn)泉;;變精度粗糙集的屬性核和最小屬性約簡算法[J];計算機學報;2012年05期

5 李麟青;楊哲;朱艷琴;;一種混合式BitTorrent流量檢測方法[J];計算機應用;2011年12期

6 陳云菁;張峗;陳經(jīng)濤;;基于決策樹模型的P2P流量分類方法[J];計算機應用研究;2009年12期

7 王海晟;王海晨;桂小林;;使用粗糙集與Bayes分類器的P2P網(wǎng)絡安全管理機制[J];計算機科學;2012年09期

8 陳偉;蘭巨龍;張建輝;杜錫壽;;基于SVM概率輸出的P2P流媒體識別法[J];計算機科學;2012年10期

9 李致遠;王汝傳;;一種基于機器學習的P2P網(wǎng)絡流量識別方法[J];計算機研究與發(fā)展;2011年12期

10 李偉衛(wèi);趙航;張陽;王勇;;基于MapReduce的海量數(shù)據(jù)挖掘技術研究[J];計算機工程與應用;2013年20期

本文編號：1831450