网络汇聚点传输层拓扑的流量识别

doi:10.3724/SP.J.1087.2012.01807

计算机应用 ›› 2012, Vol. 32 ›› Issue (07): 1807-1811.DOI: 10.3724/SP.J.1087.2012.01807

网络汇聚点传输层拓扑的流量识别

张剑¹,²,曹萍³,寿国础²

1. 闽江学院计算机科学系，福州350008
2. 北京邮电大学信息与通信工程学院，北京100876
3. 福州大学公共管理学院，福州350008

收稿日期:2012-01-16 修回日期:2012-03-10 发布日期:2012-07-05 出版日期:2012-07-01
通讯作者: 张剑
作者简介:张剑(1974-),男,甘肃武威人,讲师,博士,主要研究方向：网络流量识别与分类;曹萍(1971-),女,重庆江津人，副教授,博士,主要研究方向：决策理论与技术;寿国础(1965-),男,浙江诸暨人,教授,博士生导师,主要研究方向：光接入网。
基金资助:
国家863计划项目(2008AA01Z218）

Traffic identification based on transport-layer topology at network aggregation point

ZHANG Jian¹,²,CAO Ping³,SHOU Guo-chu²

1. Department of Computer Science, Minjiang University, Fuzhou Fujian 350008, China;
2. School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China
3. School of Public Management, Fuzhou University, Fuzhou Fujian 350008, China

Received:2012-01-16 Revised:2012-03-10 Online:2012-07-05 Published:2012-07-01
Contact: ZHANG Jian

摘要/Abstract

摘要： 针对利用数据流统计特性的网络流量分类算法复杂及实时性差的问题，提出一种基于传输层拓扑的网络流量识别方法，根据应用类型在汇聚节点表现出不同的主机连接拓扑结构，提取应用类型的拓扑特征，结合深度包检测(DPI)技术生成应用类型库，并基于该库和启发式准则实现典型应用类型的快速识别和分类。实验结果表明，所提方法对各主要应用类型的识别精确度均高于85%，并将未识别流比例从深度包检测技术的18%降低到7%，有效利用了不同应用类型的连接拓扑信息，能提高应用类型的识别准确度。

关键词: 流量识别, 传输层, 拓扑结构, 应用类型库

Abstract: Considering the complexity and poor real-time quality of classification algorithms based on the statistical characteristics of network traffic, a new traffic identification method was proposed based on transport-layer topology. According to the different host connection characteristics in terms of application types at aggregation point, the proposed method extracted topological characteristics of application types by capturing the transport layer connection information, and then produced application type pools based on Deep-in Packet Inspection (DPI) technique, finally identified the application types of traffic combining the pools and heuristic rules. The experimental results show that the proposed method gains precision higher than 85% for identifying main application types and reduces ratio of un-identified flows from 18% to 7%. It utilizes transport-layer topology information of different application types and can enhance the recognition accuracy of application types.

Key words: traffic identification, transport layer, topological structure, application type pool

中图分类号:

TP393.07

张剑曹萍寿国础. 网络汇聚点传输层拓扑的流量识别[J]. 计算机应用, 2012, 32(07): 1807-1811.

ZHANG Jian CAO Ping SHOU Guo-chu. Traffic identification based on transport-layer topology at network aggregation point[J]. Journal of Computer Applications, 2012, 32(07): 1807-1811.

参考文献

［1］ CALLADO A, KAMIENSKI C, SZABO G. A survey on Internet traffic identification ［J］. IEEE Communications Surveys and Tutorials, 2009, 11(3): 37-52.

［2］ SEN S, SPATSCHECK O, WANG D. Accurate scalable in network identification of P2P traffic using application signatures ［C］// Proceedings of the 13th International Conference on World Wide Web. New York: ACM, 2004: 512-521.

［3］ ZANDER S, NGUYEN T, ARMITAGE G. Automated traffic classification and application identification using machine learning ［C］// Proceedings of the 30th Conference on Local Computer Networks. Piscataway: IEEE, 2005: 1-8.

［4］ ERMAN J, ARLITT M, MAHANTI A. Traffic classification using clustering algorithms ［C］// Proceedings of the 2006 SIGCOMM Workshop on Mining Network Data. New York: ACM, 2006: 11-15.

［5］蔡君,余顺争.基于复杂网络社团划分的网络流量分类［J］.计算机科学,2011,38(3):80-82

［6］ KARAGIANNIS T, PAPAGIANNAKI D, FALOUTSOS M. BLINC: Multilevel traffic classification in the dark ［J］. Computer Communication Review, 2005, 35(4): 229-240.

［7］ DEWAELE G, HIMURA Y, BORGNAT P. Unsupervised host behavior classification from connection patterns ［J］. International Journal of Network Management, 2010, 20(5): 317-337.

［8］ WEI L, MOORE W, CANINI M. Classifying HTTP traffic in the new age ［C］// Conference of the Special Interest Group on Data Communication 2008. New York: ACM, 2008: 479-480.

［9］ FLOYD S, PAXSON V. Difficulties in simulating the Internet ［J］. IEEE/ACM Transactions on Networking, 2001, 9(4): 392-403.

［10］ SOULE A, LAKHINA A, TAFT N, et al. Traffic matrices: balancing measurements, inference and modeling ［J］. ACM SIGMETRICS Performance Evaluation Review, 2005: 33(1): 362-373.

［11］张文铸,刘佳,袁坚,等.基于PCA的对等网络流量时空特性监测［J］.清华大学学报,2010,50(4):561-564.

[1]	陆秋琴, 靳超. 煤炭运输公路网络可靠性仿真分析[J]. 计算机应用, 2019, 39(1): 292-297.
[2]	刘粟, 于炯, 鲁亮, 李梓杨. Storm环境下基于拓扑结构的任务调度策略[J]. 计算机应用, 2018, 38(12): 3481-3489.
[3]	燕昺昊, 韩国栋, 黄雅静, 王孝龙. 非平衡网络流量识别方法[J]. 计算机应用, 2018, 38(1): 20-25.
[4]	丁大钊, 陈云杰, 靳彦青, 刘树新. 基于拓扑连接紧密度的相似性链路预测算法[J]. 计算机应用, 2017, 37(8): 2129-2132.
[5]	马林进, 万良, 马绍菊, 杨婷, 易辉凡. 基于词袋模型的分布式拒绝服务攻击检测[J]. 计算机应用, 2017, 37(6): 1644-1649.
[6]	王班, 马润年, 王刚, 陈波. 改进的加权网络节点重要性评估的互信息方法[J]. 计算机应用, 2015, 35(7): 1820-1823.
[7]	刘家芬. 基于串空间理论的安全协议自动验证[J]. 计算机应用, 2015, 35(7): 1870-1876.
[8]	董跃华, 戴玉倩. 混合粒子群算法的软件测试数据自动生成[J]. 计算机应用, 2015, 35(2): 545-549.
[9]	董海韬, 田静, 杨军, 叶晓舟, 宋磊. 适用于网络内容审计的SSL/TLS保密数据高效明文采集方法[J]. 计算机应用, 2015, 35(10): 2891-2895.
[10]	郭伟王西闯肖振久. 基于K均值和双支持向量机的P2P流量识别方法[J]. 计算机应用, 2013, 33(10): 2734-2738.
[11]	罗亚男付永庆. 基于分层路网的路径规划算法[J]. 计算机应用, 2013, 33(06): 1763-1766.
[12]	谌双双陈泽茂王浩. 基于身份的无线传输层安全握手协议改进方案[J]. 计算机应用, 2011, 31(11): 2954-2956.
[13]	魏永红李科杰. 层次拓扑结构的无线传感器网络能量模型[J]. 计算机应用, 2010, 30(07): 1731-1735.
[14]	彭长艳张权唐朝京. 基于IBC的TLS握手协议设计与分析[J]. 计算机应用, 2009, 29(3): 633-637.
[15]	叶秀芬乔冰郭书祥郭庆昌. 虚拟手术仿真中人体软组织形变技术的研究[J]. 计算机应用, 2009, 29(2): 568-573.

网络汇聚点传输层拓扑的流量识别

Traffic identification based on transport-layer topology at network aggregation point

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics