基于启发式搜索的IP数据流分类方法的研究被引量：2

Research of IP Flow Classification Based on Heuristic Search

下载PDF

导出

摘要基于应用层载荷特征的IP流分类技术的准确性较高,但是,当特征库庞大时遍历匹配特征库需要消耗大量的时间.鉴于此,提出一种将应用层载荷特征和启发式搜索相结合的IP数据流分类方法.通过从各种应用产生的数据包之间提取共同特征并以此共同特征建立启发式规则,根据启发式规则将特征库划分为多个特征子集,在数据包匹配过程中只需要根据启发式规则搜索匹配特定的特征子集,从而大大减少了对无关特征的匹配过程,使待匹配的特征子集具有更强的针对性、使得时间性能得到提高.对于部分应用采用以DNS为引导的方法来对数据包进行分类,该方法部分消除了基于载荷无法对加密数据进行识别的弊端.本文用C语言实现了该算法,并与开源软件l7-filter算法进行了对比实验.实验结果表明:在离线状态下,本文提出的方法的分类速度是l7-filter分类速度的6-10倍,总体识别准确性达到98%以上. The accuracy of IP flow classification based on the characteristics of the application layer is relatively high,but it will cost a lot of time to match the feature library when the feature library is huge.To solve this problem,this paper proposes an approach of traffic classification that combines the characteristics of the application layer with heuristic search.First,we extract the common features from the packets generated by a variety of applications to establish the heuristic rules.Second,we divide the feature library into several feature subsets according to heuristic rules.Then in the process of traffic classification,we only need to match a specific feature subset according to heuristic rules,so the matching of irrelevant features can be greatly reduced,the feature subset is more targeted to be matched and the time performance is improved.For some applications we use DNS as a guide in traffic classification,overcoming the drawback that the encrypted data can not be identified based on the characteristics of the application layer.This paper realizes the algorithm with C language and compares it with l7-filter.The experiments show that the offline classification speed of the method presented in this paper is as 6-10 times as l7-filter,and the accuracy of identifying traffic of various application in our method can reach more than 98%.

作者武飞曾凡平熊能邓超强董齐兴

机构地区中国科学技术大学计算机科学与技术学院中国科学院软件研究所计算机科学国家重点实验室安徽省计算与通讯软件重点实验室

出处《小型微型计算机系统》 CSCD 北大核心 2012年第10期2153-2157,共5页 Journal of Chinese Computer Systems

基金安徽省自然科学基金项目(11040606M131)资助

关键词数据流分类启发式规则正则表达式 17-filter traffic classification heuristic rules regular expression l7-filter

分类号 TP311 [自动化与计算机技术—计算机软件与理论]

引文网络
相关文献

参考文献12

1Roughan M, Sen S, Spatschek O, et al. Class-of-service mapping for QoS : a statistical signature-based approach to IP mfffic classifi- cation[ C]. Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement,2004 : 135-148.
2Iliofotou M, Kim H, Faloutsos M, et al. Graph-based P2P traffic classification at the intemet backbone[ C]. Proceedings of the 12thIEEE Global Intemet Symposium,2009 : 1-6.
3Bernaille L,Teixeira R,Akodkenou I,et al. Traffic classification on the fly [ J ]. ACM SIGCOMM Computer Communication Review, 2006,36(2) :23-26.
4Karagiannis T, Broido A, Faloutsos M, et al. Transport layer identi- fication of P2P traffic [ C ]. Proceedings of the 4th ACM SIG- COMM Conference on Intemet Measurement, 2004:121-134.
5Karagiannis T,Broido A,Brownlee N,et al. Is P2P dying or just hiding.? [C]. Procee, dings of the 47th Annual IEEE Global Tele- communications Conference,2004:1532-1538.
6Karagiannis T, Papagiannaki K, Faloutsos M. BLINC: multilevel traffic classification in the dark[ C]. Proceedings of the 2005 Con- ference on Applications,Technologies ,Architectures, and Protocols for Computer Communications ,2005:229-240.
717-filter [ EB/OL ]. http ://17-filter. clearfoundation, corn/. , Janu- ary,2011.
8Zander S, Nguyen T, Armitage G. Automated traffic classification and application identification using machine learning [ C ]. Proceed- ings of the IEEE Conference on Local Computer Networks 30th Anniversary,2005 : 250-257.
9Wang Hui-qian. Real-time traffic classification based on port number, flow feature and Character-word[ D ]. Shandong University,2011.
10Moore A W,Zuev D,Crogan M L. Discriminators for use in flow- based classification [ R ]. RR-05-13, London: University of Lon- don, 2005.

同被引文献8

1RAUSANDM.系统可靠性理论:模型、统计方法及应用[M].2版.郭强,译.北京:国防工业出版社,2010.
2Du T C,Chen H L.Building a muhiple-criteria negotiation support system[J].IEEE Transactions on Knowledge and Data Engineering,2007,19(6) : 804-817.
3Wang Z,Crow C J.Quality of service routing for supporting multimedia application[J].IEEE Journal on Selected Areas in Communica-tions,1996,14(7 ) : 148-154.
4Cao X R.The potential structure of sample paths and performance sensitivities of markov systems[J].IEEE Transactions on Automatic Control (S0018-9286),200d,49(12) : 2129-2142.
5Zhao L, Harris G.A refinement of multi-processors[J].TOCS, 1935,18 : 87-104.
6Fang H T,Cao X R.Potential-based online policy iteration algorithms for markov decision processes[J].IEEE Transactions on Automatic Control ( S0018-9286 ),2004,49 (4) : 493-505.
7汪金菊,徐小红,朱功勤,朱琇珺,傅建伟.混沌信号的马尔可夫模型降噪[J].系统仿真学报,2009,21(8):2299-2302. 被引量：4
8邢永康,马少平.多Markov链用户浏览预测模型[J].计算机学报,2003,26(11):1510-1517. 被引量：45

引证文献2

1李士勇,张宝剑,潘洁.基于IndeDOT可缓冲配置的马尔可夫模型构架方法[J].河南科技学院学报（自然科学版）,2013,41(2):80-84. 被引量：1
2武飞,曾凡平,张辉,董齐兴.数据流应用层载荷特征正则表达式的自动提取[J].小型微型计算机系统,2014,35(8):1711-1716. 被引量：2

二级引证文献3

1赵荷,赵海燕,宁多彪,谭良.基于序列比对检测的优化SRE多态蠕虫防御方法[J].计算机工程与设计,2017,38(9):2379-2384. 被引量：2
2肖铮.基于马尔可夫决策过程的网络吞吐量最优化算法[J].河北科技师范学院学报,2020,34(2):62-66.
3邢光升,罗翰文.基于深度学习的Web注入行为实时检测技术研究[J].网络安全技术与应用,2019,0(7):39-40.

1王雨生,张秀平.一个游戏[J].北京师范大学学报（自然科学版）,2010,46(1):17-20.
2伍班权,李文龙.当容量与性能难以兼得时的内存配置[J].软件世界（PC任我行）,2003(3):92-93.
3武广东.基于连接特性的Skype流量分析与识别[J].电信快报（网络与通信）,2009(7):42-45.
4渠文龙.模式识别算法在网络流量分类中的应用[J].软件,2013,34(3):72-79. 被引量：12
5武飞,曾凡平,张辉,董齐兴.数据流应用层载荷特征正则表达式的自动提取[J].小型微型计算机系统,2014,35(8):1711-1716. 被引量：2
6戴磊,云晓春,肖军,陈友.一种基于扩充特征集的流分类方法[J].高技术通讯,2009,19(10):998-1005.
7焦小焦,钟诚,杨柳,柳永念.基于流量特征和载荷特征的P2P流量识别[J].计算机工程与科学,2010,32(8):24-28. 被引量：5
8周云钟.多变量系统的模型算法控制[J].电子科技大学学报,1995,24(3):264-270.
9Working离不开消费电子[J].信息系统工程,2007,20(10):36-37.
10葛子毅,程绍银,蒋凡.基于程序不变量的载荷特征提取方法[J].通信技术,2013,46(9):79-82.

小型微型计算机系统

2012年第10期

浏览历史

内容加载中请稍等...

基于启发式搜索的IP数据流分类方法的研究被引量：2

参考文献12

同被引文献8

引证文献2

二级引证文献3

相关作者

相关机构

相关主题

浏览历史

基于启发式搜索的IP数据流分类方法的研究 被引量：2

参考文献12

同被引文献8

引证文献2

二级引证文献3

相关作者

相关机构

相关主题

浏览历史

基于启发式搜索的IP数据流分类方法的研究被引量：2