Research on Identify Technique for Application Layer Protocol
|School||Xi'an University of Electronic Science and Technology|
|Keywords||Application Layer Protocol Identification P2P Protocol Ports Characteristic Strings Dynamic Action Characteristics|
As a foundational technique, application layer protocol identification is theprecondition of network security, network management and countering technique. Butwith the development of network protocols, some new protocols use dynamic ports orcryptography. The limits of traditional application layer protocol identificationtechniques are becoming more and more obvious. So some research on application layerprotocol identification is done in this thesis. A comprehensive overview of identificationof application layer protocols is given in this thesis firstly; several identificationmethods are compared, such as the identification techniques based on port mapping,characteristic strings, and dynamic action characteristics mapping and so on. Themechanism and the advantages and drawbacks of these technologies are analyzed.Based on the study of the existing techniques for application layer protocolidentification and combined advantages of these methods, a new method for applicationlayer protocol identification is proposed in this thesis. This method can be used toidentify both P2P protocols and traditional application layer protocols, and in theory, itis more accurate, and more efficient. An application layer protocol identification systembased on this new method is designed in the Windows system with Visual C++languageand Winpcap at the end of this thesis. The results of performance testing show that thenew method for application layer protocol identification is effective and feasible.