標題: | 真實網路流量分類演算法:利用封包大小分佈與連接埠關聯性之流量辨識 Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association |
作者: | 彭偉豪 Wei-Hao Peng 林盈達 Yin-Dar Lin 網路工程研究所 |
關鍵字: | 流量辨識;傳輸層行為;封包分佈大小;埠關聯;點對點;Traffic classification;Transport layer behaviors;Packet size distribution;Ports association;peer-to-peer |
公開日期: | 2006 |
摘要: | 傳統的藉由封包特徵來辨識流量的方法已經使用了很長的一段時間,但是遇到應用程式使用加密通訊協定的狀況下便無法使用。相關的研究中發現可以從應用程式在網路傳輸層中展現的特性作為可被辨識的依據。這類方法可分為網路中主機的社交關係與行為統計兩大類型,但是其方法卻有準度不足或是辨識耗時而無法在即時的網路環境中運用。本篇提出了使用應用程式在傳輸層中的封包大小分布特徵加上埠關聯特性的辨識方法。在真實流量中的每條連線皆會經由特徵值運算後變成多維空間中的一個向量,並且藉由計算先前分析出的各應用程式在空間中的代表點之差異即可辨識出該連線屬於何種應用程式,若在加上利用埠關聯之特性,對於應用程式連線的辨識正確率平均可高達96%以上,且擁有平均4% 的誤判率及5% 的漏判率,這樣的誤判主要發生於即時通訊軟體中。最後,我們提出一個簡單的即時的線上架構,證明我們的方法平均可以在一百到三百個封包內辨識出一條連線,且可用於線上的閘道器中。 Signature based classification methodology has been used for a long time, but it can't be applied to encrypted protocol message. Some researches try to find out useful characteristics of separate applications from their transport layer behaviorsthat can be divided into two kinds: social network behaviors and statistical behaviors. Most of them are time-consuming due to a huge amount of information needed. In our work, we use Packet Size Distribution and Ports Association to achieve our goal. Every succeeded connection would be transformed into one vector in the multi-dimensional coordinate spaces and classified into some specified application or other unknown ones. Besides, the Euclidean distances of every connection between all individual centers, the representatives of the applications, will also be computed. Once a connection is identified and classified into some certain session, we can use ports association algorithm to associate and accelerate other connections in the same session. Using the proposed method, we can reach high classification accuracy rate, 96% on average, and low false positive and false negative rate, 4%~5%, after the preparation process of 100~200 packets. Lastly, we present an basic on-line architecture to show the correctness and simplicity. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT009456529 http://hdl.handle.net/11536/82194 |
顯示於類別: | 畢業論文 |