2009-11-11 1
Contents
The state of the art
Port-based approaches [1]
Port numbers may be dynamic
Deep Packet Inspection (DPI) [2][3]
Advantages:
• Can recognize particular P2P applications
• Can achieve high detection accuracy
Drawbacks:
• Cannot identify applications with unknown signatures
• Cannot be used on encrypted traffic
• Examining user payloads raises privacy and legal concerns
• High computation overhead for checking signatures
Approaches based on P2P traffic behavior [4]-[10]
Advantages:
• Can identify unknown P2P applications
• Can identify encrypted P2P applications
Drawbacks:
• Cannot recognize particular P2P applications
• False positives
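An added example (not part of the original slides) that runs the port-based and DPI approaches over constructed flows to show the drawbacks listed above. The port table, signature set, sample payloads and ground-truth labels are illustrative assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative tables (assumptions, not from the slides): a few default ports
# and cleartext handshake prefixes of well-known P2P protocols.
P2P_PORTS = {6881: "BitTorrent", 4662: "eDonkey", 6346: "Gnutella"}
SIGNATURES = {
    "BitTorrent": b"\x13BitTorrent protocol",
    "Gnutella": b"GNUTELLA CONNECT/",
}

@dataclass
class Flow:
    src_port: int
    dst_port: int
    payload: bytes   # first bytes of application data in the flow
    is_p2p: bool     # ground-truth label of the constructed sample

def classify_by_port(flow: Flow) -> Optional[str]:
    """Port-based approach: look up either endpoint port in a static table."""
    for port in (flow.dst_port, flow.src_port):
        if port in P2P_PORTS:
            return P2P_PORTS[port]
    return None

def classify_by_signature(flow: Flow) -> Optional[str]:
    """DPI approach: match known application signatures against the payload."""
    for app, sig in SIGNATURES.items():
        if flow.payload.startswith(sig):
            return app
    return None

def missed(flows, classifier) -> int:
    """Count ground-truth P2P flows the classifier fails to label."""
    return sum(1 for f in flows if f.is_p2p and classifier(f) is None)

# Constructed sample flows (payload bytes are made up for the example).
BT = b"\x13BitTorrent protocol" + bytes(8)
SAMPLE_FLOWS = [
    Flow(51000, 6881, BT, True),                                  # default port, cleartext
    Flow(51001, 49152, BT, True),                                 # dynamic port, cleartext
    Flow(51002, 6881, bytes.fromhex("9f3a77c1e2045bd8"), True),   # encrypted, default port
    Flow(51003, 49200, bytes.fromhex("51c09ae47d10f3b2"), True),  # encrypted, dynamic port
    Flow(51004, 443, b"\x16\x03\x01\x02\x00", False),             # TLS web traffic
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.dst_port, classify_by_port(f), classify_by_signature(f))
    print("missed by port:", missed(SAMPLE_FLOWS, classify_by_port))
    print("missed by DPI:", missed(SAMPLE_FLOWS, classify_by_signature))
```

The fourth flow, encrypted and on a dynamic port, is missed by both methods; it is the case the behavior-based approaches are meant to cover.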
REFERENCES
[1] S. Sen and J. Wang, “Analyzing peer-to-peer traffic across large networks,” IEEE/ACM Transactions on Networking (TON), vol. 12, no. 2, pp. 219–232, 2004.
[2] S. Sen, O. Spatscheck, and D. Wang, “Accurate, scalable in-network identification of p2p traffic using application signatures,” in WWW ’04: Proceedings of the 13th international conference on World Wide Web, New York, NY, USA, 2004, pp. 512–521.
[3] Bleul H., Rathgeb E. P., Zilling S., “Advanced P2P multiprotocol traffic analysis based on application level signature detection,” in 12th International Telecommunications Network Strategy and Planning Symposium, New Delhi, India: Institute of Electrical and Electronics Engineers Inc., United States, 2007, pp. 408–418.
[4] F. Constantinou and P. Mavrommatis, “Identifying known and unknown peer-to-peer traffic,” in NCA ’06: Proceedings of the Fifth IEEE International Symposium on Network Computing and Applications, Cambridge, MA, USA, 2006, pp. 93–102.
[5] T. Karagiannis, A. Broido, M. Faloutsos, and K. claffy, “Transport layer identification of p2p traffic,” in IMC ’04: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, Taormina, Sicily, Italy, 2004, pp. 121–134.
[6] X. Lu, H. Duan, and X. Li, “Identification of p2p traffic based on the content redistribution characteristic,” in ISCIT’07: Proceedings of the International Symposium on Communications and Information Technologies, Sydney, Australia, 2007, pp. 596–601.
[7] M. Perenyi, A. G. Trang Dinh Dang, and S. Molnar, “Identification and analysis of peer-to-peer traffic,” Journal of Communication, vol. 1, no. 7, pp. 36–46, 2006.
[8] Mong-Fong H., Chun-Wei C., Chin-Shun et al., “Identification and Analysis of P2P Traffic - An Example of BitTorrent,” in First International Conference on Innovative Computing, Information and Control, Beijing, China: IEEE, 2006, pp. 266–269.
[9] DedinskiI L, H D. M., L H., et al., “Cross-Layer Peer-to-Peer Traffic Identification and Optimization Based on Active Networking,” in the Seventh Annual International Working Conference on Active and Programmable Networks, French Riviera: IEEE, 2005, pp. 111-12.
[10] Yang Yuexiang, Wang Rui, and Tang Chuan, “P2P traffic detection method based on dual characteristics,” Journal on Communications, vol. 27, no. 11A, pp. 135–138, 2006.
……
Capturing packets for P2P application analysis
Features: controllable IP addresses, P2P applications, cross traffic, etc.
More than 10 controlled PCs
Capture tools: Tcpdump, Wireshark, etc.
Capturing packets for test and evaluation
For Example:
Test and evaluation method
Baseline: signature-based payload methodology
Evaluation metric
About signature-based payload methodology