1. Provincial Key Laboratory for Computer Information Processing Technology, Soochow University, Suzhou Jiangsu 215006, China 2. School of Computer Science and Technology, Soochow University, Suzhou Jiangsu 215006, China
Abstract: Peer-to-peer (P2P) applications generate a large volume of traffic and seriously affect the quality of normal network services. Accurate, real-time identification of P2P traffic is important for network management. A hybrid approach consisting of three sub-methods was proposed to identify BitTorrent (BT) traffic. It applied application signatures to identify unencrypted traffic. For encrypted flows, a message-based method built on the features of the message stream encryption (MSE) protocol was proposed. A pre-identification method based on signaling analysis was applied to predict BT flows and distinguish them even at the first packet with the SYN flag. Modified Vuze clients were used to label BT traffic in real traffic traces, which produced high-accuracy benchmark datasets for evaluating the hybrid approach. The results illustrate its effectiveness, especially for un-established or semi-established flows, which have no obvious signatures or flow statistics.
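The sketch below is an added illustration, not the authors' implementation: it combines a handshake-signature check for unencrypted flows with pre-identification of flows at the SYN packet. It assumes the signaling being analyzed is a compact-format tracker response; the class and function names and the sample response are constructed for the example, and the MSE message-based method is not covered.

```python
import socket
import struct

HANDSHAKE = b"\x13BitTorrent protocol"  # length byte 19 followed by the protocol string

def bdecode(data, i=0):
    """Minimal bencode decoder; returns (value, next_index), raises ValueError if malformed."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)                     # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def peers_from_tracker(body):
    """Return the set of (ip, port) endpoints in a compact tracker response."""
    peers = bdecode(body)[0].get(b"peers", b"")
    if not isinstance(peers, bytes):                # non-compact peer lists are out of scope
        return set()
    usable = len(peers) - len(peers) % 6            # ignore a truncated trailing entry
    return {(socket.inet_ntoa(peers[k:k + 4]), struct.unpack("!H", peers[k + 4:k + 6])[0])
            for k in range(0, usable, 6)}

class HybridClassifier:
    """Hypothetical classifier: payload signature first, then endpoints learned from signaling."""
    def __init__(self):
        self.expected = set()

    def on_tracker_response(self, body):
        self.expected |= peers_from_tracker(body)

    def classify(self, dst_ip, dst_port, syn=False, payload=b""):
        if payload.startswith(HANDSHAKE):
            return "bt-signature"
        if (dst_ip, dst_port) in self.expected:
            return "bt-predicted-syn" if syn and not payload else "bt-predicted"
        return "unknown"

# Constructed sample: tracker response listing two peers from documentation address ranges.
SAMPLE_RESPONSE = (b"d8:intervali1800e5:peers12:"
                   + socket.inet_aton("192.0.2.10") + struct.pack("!H", 6881)
                   + socket.inet_aton("198.51.100.7") + struct.pack("!H", 51413) + b"e")
```

A flow whose destination was announced in earlier signaling is labelled at its SYN, before any payload exists for a signature or statistical method to inspect.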