The Research and Implementation of Router Traffic Identification System Based on Multiple Identification Technology
School: Shanghai Jiaotong University

Keywords: DPI; DFI; Wu-Manber; Node tracking; Active detection; Heuristic feedback; Deep associated identification

With the development and popularization of network technology, network applications have become more and more diverse. P2P, online audio, online video and similar applications now occupy a higher proportion of network traffic and take up a large amount of Internet bandwidth. This causes network congestion and degraded quality of service, and critical business services can no longer be guaranteed. Therefore, in network planning and design, Internet behavior management, service classification control and QoS guarantee, it is critical to accurately identify and distinguish the types of applications in network traffic so that an effective control strategy can be applied.

In recent years, with the popularity of broadband, the broadband router has emerged as a new network product. It integrates routing, firewall, bandwidth control and management functions, and offers fast forwarding and rich network management capabilities. It has become the bridge of the access network. As an access device, it is therefore well suited to performing traffic identification, QoS control and online behavior management while routing and forwarding. It can integrate traffic identification, security, service control, authentication, accounting and so on into a single device and make them work together better. There is then no need to deploy expensive network devices such as firewalls and flow-control appliances, which greatly reduces network construction and operating costs and simplifies network maintenance and management.

In this paper, we study in depth the two core technologies of traffic identification: deep packet inspection (DPI) and deep flow inspection (DFI). We also compare and analyze the advantages and disadvantages of each technology.

Based on the communication characteristics of common network applications, and drawing on engineering practice, we propose a new multi-level, multi-technology traffic identification architecture for the broadband router. The architecture is built on DPI, DFI and other fast identification technologies, and identifies network traffic with high efficiency and high accuracy. We integrated more than eight traffic identification/matching technologies into the architecture. It effectively solves the problem that P2P applications and encrypted traffic are hard to identify. We have shown that this architecture achieves a higher identification rate and good stability in a real network.

In this paper, the study of traffic identification technology focuses on the following areas:

- We analyze and study the Wu-Manber multi-pattern matching algorithm, which is widely used in DPI technology, and propose an improved algorithm. The improved algorithm can significantly improve the performance of multi-pattern matching in certain scenarios.
- We propose a highly scalable and efficient characteristic description language. This description language takes full advantage of the properties of network packets, such as packet length, order, direction and protocol type. As a result, it reduces the number of pattern matches and improves the efficiency of protocol identification.
- We study the communication characteristics of P2P applications and propose a fast identification technology based on node tracking. On that basis, we design an innovative heuristic feedback identification mechanism based on a trusted list; combined with QoS control, this mechanism can effectively inhibit multi-point P2P downloads.
- We propose and implement a deep associated analysis technology for packets. This node tracking technology can accurately predict and identify network traffic.
- We propose and implement an innovative identification technology based on active detection, which can identify fuzzy characteristics or cryptographic protocols and effectively improve the identification accuracy of DFI technology. We therefore think this active detection technology has a certain reference value in the area of traffic identification technology.

Finally, through related experiments, we verify, analyze and evaluate the performance and functionality of the traffic identification system.
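
The abstract names Wu-Manber as the multi-pattern matcher widely used in DPI. The following is an added example of the standard algorithm, not the thesis's improved variant and not the author's code; the function names, the block size `B = 2` and the sample signatures and payload are assumptions constructed for illustration.

```python
from collections import defaultdict

B = 2  # block size: the scan inspects the last B bytes of each window


def build_tables(signatures):
    """Build the Wu-Manber SHIFT and HASH tables from {label: bytes}."""
    m = min(len(p) for p in signatures.values())
    if m < B:
        raise ValueError("every signature needs at least B bytes")
    shift, buckets = {}, defaultdict(list)
    for label, pat in signatures.items():
        # Only the first m bytes of each signature are indexed.
        for end in range(B, m + 1):
            block = pat[end - B:end]
            # Distance from this block to the end of the m-byte prefix.
            shift[block] = min(shift.get(block, m), m - end)
        buckets[pat[m - B:m]].append((label, pat))
    return m, shift, buckets


def scan(payload, tables):
    """Return sorted (offset, label) hits for every signature in payload."""
    m, shift, buckets = tables
    default = m - B + 1  # safe skip when the block occurs in no signature
    hits, pos = [], m    # pos is the exclusive end of the current window
    while pos <= len(payload):
        block = payload[pos - B:pos]
        step = shift.get(block, default)
        if step == 0:
            start = pos - m
            # Block ends some signature's prefix: verify candidates in full.
            for label, pat in buckets[block]:
                if payload.startswith(pat, start):
                    hits.append((start, label))
            step = 1
        pos += step
    return sorted(hits)


# Constructed sample signatures and payload (not taken from the thesis).
SIGNATURES = {
    "bittorrent": b"\x13BitTorrent protocol",
    "http-get": b"GET ",
    "ssh": b"SSH-2.0",
}
TABLES = build_tables(SIGNATURES)
PAYLOAD = b"junkGET /a HTTP/1.1\r\n\r\nSSH-2.0-x"  # constructed
print(scan(PAYLOAD, TABLES))
```

The shortest signature sets the window length `m`, so one very short signature reduces the achievable skip distance for the whole rule set.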