P2P Traffic Detection Technology Based On Protocol Analysis

With the popularity and development of the Internet, P2P file sharing networks have emerged as a new popular application in the Internet scenario. More and more users download the large amount of documentation through P2P, especially video and audio files. The survey shows that about 60% to 80% of Internet broadband traffic is consumed by P2P applications. The increasing of P2P traffic has brought about enormous consumption of network broadband, and reduced other normal applications performance seriously, particularly in the enterprises. Therefore, identification and control of P2P traffic has become a key issue.Early P2P applications commonly used fixed port numbers to transfer data. These P2P applications can be detected accurately through the port numbers. With the development of P2P protocols, however, current P2P applications use several obfuscation techniques to avoid detection, including random port numbers, HTTP masquerading and encrypted payloads. This paper mainly uses deep packet inspection (DPI) and signatures of P2P protocols to identify P2P traffic.In this paper, we firstly discuss the characteristics between different P2P protocols in various periods, and give a study on DPI via a simple example of KaZaA. Then we analyze some famous P2P protocols and find out their signature strings. Meanwhile, we give a method to design a signature library. In this paper, the system we implemented uses off-line detection method to identify P2P traffic through analyzing capture files of Sniffer.This paper discusses and analyzes four string matching algorithms (Brute-Force algorithm, KMP algorithm, Boyer-Moore algorithm and QS algorithm), and also compares the actual performance of the various algorithms. Through the text strings and actual network traffic data matching experiments, QS algorithm is chosen to achieve the feature of signature string matching.Then, this paper presents an algorithm in order to find out possible signature strings automatically by analyzing P2P traffic.Finally, we give a summarization of this paper and present the next work we will do.