一种混合式BitTorrent流量检测方法

计算机应用 ›› 2011, Vol. 31 ›› Issue (12): 3210-3214.

一种混合式BitTorrent流量检测方法

李麟青¹,²,杨哲¹,²,朱艳琴¹,²

1. 苏州大学计算机科学与技术学院, 江苏苏州 215006
2. 苏州大学江苏省计算机信息处理技术重点实验室, 江苏苏州 215006

收稿日期:2011-05-16 修回日期:2011-07-10 发布日期:2011-12-12 出版日期:2011-12-01
通讯作者: 杨哲
基金资助:
国家自然科学基金;江苏省自然科学基金资助项目

Hybrid BitTorrent traffic detection

LI Lin-qing¹,²,YANG Zhe¹,²,ZHU Yan-qin¹,²

1. Provincial Key Laboratory for Computer Information Processing Technology, Soochow University, Suzhou Jiangsu 215006, China
2. School of Computer Science and Technology, Soochow University, Suzhou Jiangsu 215006, China

Received:2011-05-16 Revised:2011-07-10 Online:2011-12-12 Published:2011-12-01
Contact: YANG Zhe

摘要/Abstract

摘要： P2P流量已经成为互联网流量的主要部分，消耗大量的带宽，影响了服务质量，准确并实时检测出P2P流量有助于对P2P应用的监管，并研究其行为和发展。针对P2P流量中比例最大的BT流量，提出了一种混合式的检测方法。该方法由三个子方法构成，分别针对BT流量中的明文流、密文流和信令流进行检测，并预知即将发生的BT流量。实验结果表明，该方法的召回率、准确率和实时性，均优于目前实时性最好的几种机器学习方法。

关键词: 流量检测, 应用层签名, 消息重组, 信令分析

Abstract: Peer-to-peer (P2P) applications generate a large volume of traffic and seriously affect quality of normal network services. Accurate and real-time identification of P2P traffic is important for network management. A hybrid approach consists of three sub-methods was proposed to identify BitTorrent (BT) traffic. It applied application signatures to identify unencrypted traffic. And for those encrypted flows, message-based method according to the features of the message stream encryption (MSE) protocol was proposed. And a pre-identification method based on signaling analysis was applied to predict BT flows and distinguish them even at the first packet with SYN flag. And some modified Vuze clients were used to label BT traffic in real traffic traces, which made high accuracy benchmark datasets to evaluate the hybrid approach. The results illustrate its effectiveness, especially for those un- or semi- established flows, which have no obvious signatures or flow statistics.

Key words: traffic identification, application signature, message resembling, signaling analysis

李麟青杨哲朱艳琴. 一种混合式BitTorrent流量检测方法[J]. 计算机应用, 2011, 31(12): 3210-3214.

LI Lin-qing YANG Zhe ZHU Yan-qin. Hybrid BitTorrent traffic detection[J]. Journal of Computer Applications, 2011, 31(12): 3210-3214.

[1]	肖斌, 甘昀, 汪敏, 张兴鹏, 王照星. 基于端口注意力与通道空间注意力的网络异常流量检测[J]. 《计算机应用》唯一官方网站, 2024, 44(4): 1027-1034.
[2]	张帅华, 张淑芬, 周明川, 徐超, 陈学斌. 基于半监督联邦学习的恶意流量检测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3487-3494.
[3]	杭梦鑫, 陈伟, 张仁杰. 基于改进的一维卷积神经网络的异常流量检测[J]. 计算机应用, 2021, 41(2): 433-440.
[4]	陈旖, 张美璟, 许发见. 基于一维卷积神经网络的HTTP慢速DoS攻击检测方法[J]. 计算机应用, 2020, 40(10): 2973-2979.
[5]	甘玲, 李瑞. 基于自适应虚拟线圈的多车道车流量检测算法[J]. 计算机应用, 2016, 36(12): 3511-3514.
[6]	王小鹏郭莉琼. 公路车流量视频检测方法[J]. 计算机应用, 2012, 32(06): 1585-1588.
[7]	裴江卢选民周亚建. 一种基于节点状态的P2P流量检测模型[J]. 计算机应用, 2009, 29(3): 662-664.