دسته بندي ترافيك P2P مبتني بر روش تركيبي

چكيده انگليسي :

Classification of P2P Traffic Based on Hybrid Model Farzane Karami farzane karami@ec iut ac ir May 1 2016 Department of Electrical and Computer Engineering Isfahan University of Technology Isfahan 84156 83111 Iran Degree M Sc Language Farsi Supervisor Dr Mehdi Brnjkoub brenjkb@cc iut ac ir Abstract Internet traffic classification plays an important role in the different aspects of network management such as balancingbandwidth assuring Quality of Service QoS and implementing billing mechanisms Nowadays detection and classificationof P2P traffic is an important concern of ISPs and network administrators The P2P applications are growing widely and theyact greedy consuming bandwidth as much as they can The P2P host can easily share its content for other peers so it makesadditional traffic in its LAN Sharing and distributing the contents makes peers near to each other however causes viruses andthreats disseminate rapidly It is important to restrict the P2P traffic for security policies The P2P protocols use obfuscationmethods to hide their traffic from filters and pass firewalls These protocols use encryption random ports and make detectionmore difficult The encryption makes content of payload inaccessible and causes the content based approaches will beineffective New methods which do not employ deep packet inspection are suitable for detecting encrypted protocols They use information of headers in third and forth layers which are feasible but not encrypted Packet size and inter arrivaltime between packets of flow are the two important information of those headers The obfuscation can also happen inthe header information by means of changing and padding more bytes to packets The combination of approaches is moreeffective since Relying on only one method can not handle payload and header obfuscations The combination of methodswhich uses information of payload and header of packets is called hybrid method In this thesis the hybrid method isused to classify encrypted protocols In this classification the content based method is combined with the method whichuses the header information By using these two methods obfuscated protocols are detected with high accuracy In thisapproach the part of content based classifier measures the randomness of data in payloads of packets For measuring therandomness two techniques are implemented and the new one which is proposed in this thesis is more accurate than theother After comparing the two new techniques the header information is added to the features so the hybrid classificationis implemented Key Words Internet traffic classification Statistical features Hybrid methods Machine learning

كرمي، فرزانه

دسته بندي ترافيك P2P مبتني بر روش تركيبي

ويژگي هاي آماري , يادگيري ماشين