This article focuses on identifying file-sharing peer-to-peer (P2P) (such as BitTorrent (BT)) traffic at the borders of a stub network. By analyzing protocols and traffic of applications, it is found that file-s...This article focuses on identifying file-sharing peer-to-peer (P2P) (such as BitTorrent (BT)) traffic at the borders of a stub network. By analyzing protocols and traffic of applications, it is found that file-sharing P2P traffic of a single user differs greatly from traditional and other P2P (such as QQ) applications' traffic in the distribution of involved remote hosts and remote ports. Therefore, a method based on discreteness of remote hosts (RHD) and discreteness of remote ports (RPD) is proposed to identify BT-like traffic. This method only relies on flow information of each user host in a stub network, and no packet payload needs to be monitored. At intervals, instant RHD for concurrent transmission control protocol and user datagram protocol flows for each host are calculated respectively through grouping flows by the stub network that the remote host of each flow belongs to. On given conditions, instant RPD are calculated through grouping flows by the remote port to amend instant RHD. Whether a host has been using a BT-like application or not can be deduced from instant RHD or average RHD for a period of time. The proposed method based on traffic characteristics is more suitable for identifying protean file-sharing P2P traffic than content-based methods Experimental results show that this method is effective with high accuracy.展开更多
基金the National Basic Research Program of China (2003CB314804)the Research Program of NUPT (NY206010)
文摘This article focuses on identifying file-sharing peer-to-peer (P2P) (such as BitTorrent (BT)) traffic at the borders of a stub network. By analyzing protocols and traffic of applications, it is found that file-sharing P2P traffic of a single user differs greatly from traditional and other P2P (such as QQ) applications' traffic in the distribution of involved remote hosts and remote ports. Therefore, a method based on discreteness of remote hosts (RHD) and discreteness of remote ports (RPD) is proposed to identify BT-like traffic. This method only relies on flow information of each user host in a stub network, and no packet payload needs to be monitored. At intervals, instant RHD for concurrent transmission control protocol and user datagram protocol flows for each host are calculated respectively through grouping flows by the stub network that the remote host of each flow belongs to. On given conditions, instant RPD are calculated through grouping flows by the remote port to amend instant RHD. Whether a host has been using a BT-like application or not can be deduced from instant RHD or average RHD for a period of time. The proposed method based on traffic characteristics is more suitable for identifying protean file-sharing P2P traffic than content-based methods Experimental results show that this method is effective with high accuracy.
