Identification Peer-to-Peer Traffic for High Speed Networks Using Packet Sampling and Application Signatures
It is very difficult to identify peer-to-peer (P2P) traffic in high speed network environment because well-known port numbers are no longer reliable and application signatures are not efficient enough.In this paper,we present a P2P traffic identification method for high speed networks using packet sampling and application signatures.Models of false negatives and false positives are developed to analyze the effects of packet sampling probability (which is the probability of a packet to be captured when the packet passes through the monitor location) and application signatures probability (which is the probability of a packet containing application signature) on accuracy.We implemented the method with Snort by developing a flow state differentiating preprocessor.We have applied the method to identify BitTorrent traffic with 13 application signatures.The experiment results show that the efficiency and accuracy of the method are exciting and the method can be applied to high speed networks.The experiment results also show that the false negatives and false positives models are very accurate.
peer-to-peer traffic identification packet sampling application signatures BitTorrent
Zhenbin Guo Zhengding Qiu
Institute of Information Science,BeijingJiaotong University,Beijing 100044,China Institute of Information Science,Beijing Jiaotong University,Beijing 100044,China
国际会议
9th International Conference on Signal Processing(第九届国际信号处理学术会议)(ICSP08)
北京
英文
2008-10-26(万方平台首次上网日期,不代表论文的发表时间)