【作者】 陈蕾；

【导师】 石文孝；

【作者基本信息】 吉林大学 ， 电子与通信工程， 2011， 硕士

【摘要】 随着移动互联网业务的蓬勃发展,业务种类不断丰富,移动网络运营商既要支撑本公司提供的各种IP业务,还要为用户自由使用的种类繁多的IP业务提供承载功能。本论文首先介绍了深度包检测技术的原理,阐明了DPI技术的优势和弊端,并介绍了典型的业务识别方法,包括基于特征字的检测技术,应用层网关识别技术和行为模式识别技术。基于特征字的检测技术就是通过对网络中数据流负载部分的特征信息进行模式匹配,从而识别出网络数据流量的特征字。应用层网关技术首先识别出网络业务的控制流,然后根据控制流的协议内容中解析出业务流的相关信息,再对业务流进行解析,从而识别出业务流。行为模式识别技术适用于无法根据协议判断的业务。这三类识别技术适用的协议类型不同,也不可相互替代,若想有效准确地识别网络上的各种应用,必须要综合运用这三大技术。本论文主要分析了CMNET承载的移动互联网业务的网络特征和业务特征,研究了重点业务的识别方法,包括飞信、彩信、WAP、移动QQ、BT下载,分析了这几种业务的协议解析方法,通过对各类业务的协议分析及数据包解码分析,对几类业务的协议特征及识别方法做出了详细的阐述,给出了详细的业务识别方法。提出了适用于以上几种业务的业务识别方法,即关联流分析法和打孔式特征串概率匹配法。深入研究了典型业务的特征,实现对WAP浏览、彩信、飞信和移动QQ等移动特色业务的识别,实现对代表性的P2P业务即BT下载业务的识别。关联流分析法的基本思想是基于流完成业务识别,适用于TCP业务。将提取的数据包按五元组分类,每一类就是一个数据流,称为关联流。如果能够准确识别出一个关联流中的任意一个数据包的业务类型,则完成流识别。打孔式特征串匹配算法的思想是在整个IP包数据的几个固定位置取得字段并与固定特征字符串匹配识别,是针对具有在固定位置出现固定特征字符串的协议采用的一种区别于逐字搜索的识别方法。本论文提出了高效的关联流识别和打孔式特征匹配相结合的识别方法。即先按照TCP关联将数据包分类,利用打孔式特征串匹配算法或者逐比特匹配的方法从中找到有业务特征的数据包,然后将该关联下的所有数据包归为一类业务。这两种方法具有识别效率高、准确性高、容易实现等特点。基于提出的业务识别的方法和算法,编写了业务识别软件,DPI软件。应用该软件对现网的混合业务数据包做深度业务识别。识别结果证明,所提出的关联流分析法和打孔式特征串概率匹配法简单高效,识别准确度较高。更多还原

【Abstract】 As mobile internet business is booming, the types of service are continuously enriched, Mobile network operation companies have to support the variety of IP services offered by themselves a variety of ip, and have to provide hosting features to the varieties IP services which is used by the users freely as well.This paper introduces the Deep Packet Inspection technology first,then explains the advantages and drawbacks of DPI technology. Introduce the typical service identification method, including the detection technology based on the characteristics, the identify technology of application gateways, and the identify technology of activity mode. The detection technology based on the characteristics is to do mode maching through the characteristic information of the network dateflow load part, then identify the detection of the network dataflow. The identify technology of application gateways identify the controlling flow of the network service first, then ranalyses the related information of service flow based on the agreement content of the control flow, at last analyses the service flow to identify the service flow.The identify technology of activity mode is used to the services that can not been judged according to the protocol. The three types of identification technology are used to different types of protocols, also can not be substituded of each other. The three technologies have to be used generally if we want to identify different services of network efficiently and accurately.This paper mainly analyses the network features and service features of the mobile internet which is supported by the CMNET. Study the service identification methods of major businesses,including Fetion, Multimedia Message, WAP browsing, mobile QQ,and BitTorrent download. Analyze the protocol analysis methods of them, Propose service identification methods applicable to the services above. Propose two effective means of service identification. They are the analysis means of associated flow and the matching means of drilling in the character string. Deeply study the characteristics of the typical services. Achieve the service identification of Fetion, Multimedia Message,WAP browsing, mobile QQ. As well as the service identification of BitTorrent download service which is representative of P2P business.T The basic thought of associated flows is based on the flow to finish the service identification, which applies to TCP services. Classify the data packet according to the quintuple information,every class should be a data flow which called associated flow. If you could identify any data service of service pocket from an associated flow accurately, then flow identification is finished.The matching means of drilling in the character string idea is that the entire IP packet data field and made several fixed locations and features string smatching recognition. It is a identification method fixed position for a fixed feature in the protocol used in astring literal search which is different from recognition.This paper presents efficient identification and associated flow characteristics of punch-type matching acombination ofidentification methods. That is,first according to the TCP packet classification associated with the use of punch-typecharacteristics, or by-bit string matching algorithms to find a way to match the operational characteristics of the data packet, and then classify all the data packets associated into one class of business.The two means of service identification can be of high efficiency, accurate and easy to achieve.Based on the means of service identification and algorithms, compile a service identification software, it is DPI software.Using the software can identify data packages in depth in the mobile internet business.The identify results show that the analysis means of associated flow and the matching means of drilling in the character string are simple,efficient and of high accuracy in identification.更多还原