一個高速端對端訊務偵測與防範系統之設計與雛型製作

Abstract

隨著網際網路的普及，接踵而來的是各種多元而性質不同的服務應用，例如，全球資訊網(World Wide Web)、檔案傳輸協定(File Transfer Protocol)、電子郵件(E-Mail) 、網路電話(Voice over IP) 等等。而在最近十年裡，發展了另一種的網路服務行為：同儕網路(Peer-to-Peer Network)，簡稱為P2P網路。 P2P網路日益普及，已經佔了一般企業與學術網路流量的百分之八十以上，而如此高的使用率，在有限的網路頻寬下，容易將一般網路資源耗盡；也因為P2P網路採用端對端的架構，沒有像傳統用戶伺服器(Client-Server)模式容易將連線紀錄保存下來，所以一旦有非法使用者將企業或私人私密資料藉由P2P網路洩漏給第三者，也不易由傳統檢查紀錄檔的方式查詢；也因此，除了公司企業的洩密危機外，常常會存在著網路間流傳非授權軟體或檔案的威脅。基於上述原因，一般的ISP業者、企業主管機關與學術研究相關單位皆為此而困擾，所以對P2P網路的偵測與防範就有其必要性。 本篇論文針對P2P訊務發展一套有效的偵測與防範系統，著重如何正確的偵測出P2P網路的封包，將其加以攔截。我們對每一個進入系統封包的資料部份進行檢查是否含有代表P2P訊務的特徵字串，來做為判斷的依據。如判斷為P2P訊務，則系統再將以攔截。我們利用管線的概念來設計系統並實作於Intel的網路處理器上，且利用了IXP2400的硬體功能加強檢查及過濾封包的速度，以達成高效能的目的。 在本篇論文中，我們介紹P2P訊務的特性，以及系統用來判別P2P訊務的詳細演算法，最後經由Intel所提供的模擬器實際模擬後，我們的系統在平均來說每秒可以處理數百萬個封包，比市場上之最先進產品有更好之價格性能比，在文中我們也描述了模擬的結果。

With Internet technology becoming more and more popular, various network applications have been proposed, for examples, World Wide Web (WWW), File Transfer Protocol (FTP), E-Mail, and Voice over IP (VoIP). In the last decade, another network service has been developed, that is Peer-to-Peer (P2P) Network. While P2P network spreading rapidly, P2P traffic has occupied up to 80% of corporations and schools’ network traffic. Under limited network resources, such high occupancy consumes most of network bandwidth. Since to there is no log file to keep connection record with the P2P network. Such network behavior leads to blabbing personal secrets illegally and spread files without authorization. This problems lead to the motivation of this investigation to detect and filter P2P traffic. In this thesis, we develop an effective detecting and filtering system for P2P traffic. We check whether an incoming packet payload containing P2P traffic signature or not. Once identifying a P2P packet, our system drops the packet. We also take advantage of content pipeline programming concept and special-purpose network processor hardware to build up a high-performance system. According to simulation results, it shows that our system can handle several million packets per second, which is better than state-of-the art commercial products; further our implementation is more cost effective than those products.