Parallel Architectures, Algorithms and Programming, International Symposium on (2010)
Dalian, Liaoning China
Dec. 18, 2010 to Dec. 20, 2010
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PAAP.2010.47
Accurate, real time identification of P2P traffic is especially important for network management, because they seriously affect QoS of normal network services. In this paper, we propose an omnibus approach to identify Bit Torrent (BT) traffic in real time. We apply application signatures to identify unencrypted traffic. And for those encrypted BT traffic, we propose a message stream model according to the handshakes of the message stream encryption (MSE) protocol which is used by BT to obfuscate the traffic. At last, we propose a pre-identification method based on BT signaling analysis. It can predict BT flows and distinguish them at the first packet of each TCP flow with SYN flag only. And we use modified Vuze clients to generate and label BT traffic in real traffic traces, which help us to evaluate our omnibus approach with high accuracy. The results indicate that our approach can identify BT traffic at the very beginning of or even before the TCP flow.
peer-to-peer, traffic identification, omnibus approach, pre-identification
Y. Zhu, Z. Yang, L. Li and Q. Ji, "An Omnibus Identification of BitTorrent Traffic in a Stub Network," Parallel Architectures, Algorithms and Programming, International Symposium on(PAAP), Dalian, Liaoning China, 2010, pp. 346-353.