面向业务感知的流量监控技术研究
|
摘要
随着互联网、下一代网络等电信技术的出现,宽带用户量急剧上升,网络应用越来越多样化,运营环境发生了很大的变化。P2P、VoIP、VoD、IPTV、在线游戏、即时通信等各种网络应用的出现,对IP网络提出了越来越高的品质需求和带宽需求。在当前情况下,无监管的VoIP业务、P2P业务、异常流量以及不受控的宽带私接占据了大量的带宽,冲击着各大运营商的运营管理模式,运营商逐渐对网络应用失去掌控能力,同时,由于网络管道化严重,运营商增加投入提高网络容量,但是却难以分享增值业务带来的收入,形成“增量不增收”的尴尬局面。这些环境的变化促使运营商必须对网络流量进行精细化的管理和控制,提供差异化的服务。从业务监控、初级运营到高级阶段,通过详细分析流量和用户行为数据,为流量管理和业务运营提供管理手段,并提供定制化服务,从而改进运营手段。针对这一现状和需求,本文从运营商的角度出发,着重研究了面向业务感知的流量监控技术,在基本网络流量监管的基础上,能够深入发掘用户业务类型和用户行为,减少共享私接带来的业务损失,通过定制化的信息推送提高增值业务收入,从而推动运营商由管道商向服务提供商的转型。
本文是以业务采集分析平台技术为基础,辐射业务识别检测、流量控制、共享接入检测和Web推送等多项业务类型,同时深入研究并解决了这些业务实现的关键技术,能够满足不同方面不同场景下对于网络监管和网络服务的要求。具体来说,研究工作主要包括以下几方面:
1、在业务识别监控方面,研究了从端口识别、特征识别到行为分析的业务检测技术以及基于TCP和UDP的业务阻断干扰技术,重点介绍了基于专家库的流量分类技术和基于行为特征的分类算法,其中在专家库识别领域提出了专家库的五种特征模式,并引入了一种利用多流特征进行识别的技术;在行为特征识别领域,提出了一种基于分形理论进行分类的检测技术;此外,在业务识别的基础上,需要对特定业务进行限制、干扰甚至阻断,本文研究了旁路部署模式下的流量控制技术,在面向无连接的UDP干扰阻断技术方面,提出了四种具体的干扰和控制方法及思路,能够覆盖大多数基于UDP的P2P应用的干扰控制。
2、在Web推送业务方面,分析目前主流的Web推送和广告推送技术实现原理,提出了一种Web推送的方法,同时比较了四种主流Web推送方案的优缺点,并分析了各方案所适用的场景,最后从用户、推送内容、推送类型三个层面对推送业务管理策略提出了建议,使Web推送能更好的具备定制化和针对性,从而促进业务增值的拓展。
3、在共享接入检测方面,鉴于其既属于基础流控平台又属于业务范畴的重要性,通过对当前主流的共享接入主机数目检测技术深入的分析,提出了5种检测算法,包括被动Cookie算法、内网IP算法、主动Cookie算法、系统时间算法和MTU算法,按照主动算法和被动算法进行分类,总结了各个算法的优缺点,指出了当前各算法所具有的场景局限性。在此基础上,提出了一种综合性共享上网主机数目检测的模型和系统,建立了先使用被动算法区分用户类型再使用主动算法进行精确主机数目判断的模型,设计了一种可扩展的检测系统,在提高算法准确度的同时,极大地避免了正常用户受到影响,适应于各种不同的检测场景。
4、引入多轨迹识别的概念,对多轨迹识别问题建立了数学模型,并将一类轨迹——恒变循环轨迹的问题归结为特例的剩余类循环轨迹的问题,基于这类轨迹提出了基于冒泡原理的多轨迹识别算法,通过利用各轨迹之间的交替特性依次使各轨迹浮出,容错性能好,在理论上证明了算法的收敛性,利用IPID变化规律具有恒变循环轨迹特征可用于共享接入检测来进行验证,实验证明该算法大大提高了检测效率,对异常情况更具容忍度。
5、在多轨迹识别理论方面,定义了另一类轨迹——二值异或群循环轨迹,并针对这类轨迹提出了高效的检测算法,通过将求解与基轨迹相异或的元素值的问题转化为求解每一特征位的模式问题,极大地提高了算法的可操作性和准确高效性。利用DNS变化规律具备二值异或群循环轨迹特征进行实验,表明该算法需要较少的样本数据即可进行检测,具有较好的容忍度和准确度。
Along with the emergence of more and more Internet and NGN (Next Generation Network) technologies, the number of broadband-access users has increased sharply; meanwhile, network applications become wider and wider so that great changes have taken place in operation environment. The appearance of various network applications, such as P2P, VoIP, VoD, IPTV, Game online, IM etc., needs more and more quality and bandwidth. In modern times, unsupervised VoIP service, P2P service, abnormal traffic and unmanaged shared access ties up a lot of bandwidth. The situation makes operation and management mode of traditional carriers to be in an extremely vulnerable position. The carriers gradually lose control of network applications; in the meantime, they increase financial input to improve network capacity which can't help them to share revenue of value added service because of serious network chanelized state. So it's so embarrassed for the traditional carriers. The severe case forces them to manage and operate the network in fine-grained level and provide diverse network services. From service monitoring and primary operation to advanced operation, they can provide management means and customized services for traffic inspection and service operation to improve their service quality. Aiming at the status and requirement, the paper mainly studies the technologies of traffic flow monitoring oriented to service recognition from the view of carriers, which can exhumate user application type and user behavior deeply, reduce the service losses result from shared access and raise their income of value added service by information push based on network traffic monitoring to play a pivotal role in transformation on carriers from channel provider to service provider.
The paper radiates in service inspection, traffic control and interruption, shared access detection and Web push technology on the basis of service gathering and analysis technology. The key techniques are studied and solved in the service implementation to meet the needs of various application scenes and aspects to network monitoring and service. There are several features of the work as follows:
1. In respect of service inspection and monitoring field, this paper does some research on service detection techniques from port-based, feature-based to user behavior-based technologies and service interrupt technologies based on TCP and UDP, especially traffic classification algorithms based on expert base and behavior feature. The paper proposes five feature mode of expert base in the detection field based on expert base and puts forward a new multi-flow detection technology which can solve some problem of difficulty to recognise some enciphered data, besides, it presents a new classification technology based on fractal dimension in behavior feature detection field to utilize the attribution of self-similarity in P2P application traffic for identification. Restriction, interference and interruption to special service flow are needed after identifying related service. Because the control technology in straight deployment mode has been mature and is easy to implement, the research on flow control technology in bypass deployment mode is a key point and a difficult one especially for connectionless UDP application. The paper also suggests 4 methods and concepts for controlling UDP application which can cover the mainstream UDP service traffic.
2. In respect of Web push service field, after analyzing the popular Web push and advertisement push technologies, the paper proposes a new Web push approach, and then compares the shortages and advantages of 4 main Web push methods and comes to the conclusion of the scenario that each approach is fit for. Finally, the paper advised the policy of push service management to be considered from three levels, namely:user type, content to push and presentation way so that Web push has the quality of customization and relevance which can promote business development better.
3. In respect of shared access detection field, the paper processes it as the most important study. By making detail analysis and deep study to the popular detection technologies for NATed hosts, the paper proposes 5 new types of detection algorithms, including passive Cookie algorithm, Inner-IP algorithm, active Cookie algorithm, system time algorithm and MTU algorithm. Then all the algorithms fall into two groups:passive algorithm and active algorithm. Finally the paper analyzes the merits and demerits of these algorithms and points out their limitation on application scenes. Based on this, the paper puts forwards an integrative model and system based on features of each algorithm. At first end users are classified according to user states, then the system makes use of passive algorithms to determine user type, after that utilizes active algorithms to calculate the number of NATed hosts exactly. This detection system has good scalability and hierarchy and can makes a new detection algorithm integrated easily, moreover it improves the accuracy of detection and avoids normal user experience to be interrupted.
4. The paper introduces multi-track separating concept for the first time and builds the mathematical model of multi-track separating theory to deepen the technology of shared access detection so that the related theory and algorithms can be extended to more application areas. Meantime, the notion of constant-step circular track is present which can be finally turned into residue class circular track problem. The paper provides a multi-track separating algorithm based on bubble principle which separates tracks in accordance with descending order in attribute values by using the feature of variances about multi-tracks in turn, rather than applying the traditional separating method by track interval. The results indicate that this approach is highly accurate and convergent by detecting shared access hosts using the change regularity of IPID which has the character of constant-step circular track.
5. In respect of the multi-track separating theory field, the paper defines a new type of track that is called binary XOR group circular track and then proposes a new separating algorithm for the kind of track, by which solving the element that is performed XOR operation with base track can be converted into deciding eigen bit mode of the track. It proves to be correct in theory and improves the operability and efficiency greatly. The results indicate that this approach is with high accuracy and tolerance of mis-report and needs small sample size to achieve the detection goals by detecting shared access hosts using the change regularity of DNS which has the character of XOR group circular track.
本文是以业务采集分析平台技术为基础,辐射业务识别检测、流量控制、共享接入检测和Web推送等多项业务类型,同时深入研究并解决了这些业务实现的关键技术,能够满足不同方面不同场景下对于网络监管和网络服务的要求。具体来说,研究工作主要包括以下几方面:
1、在业务识别监控方面,研究了从端口识别、特征识别到行为分析的业务检测技术以及基于TCP和UDP的业务阻断干扰技术,重点介绍了基于专家库的流量分类技术和基于行为特征的分类算法,其中在专家库识别领域提出了专家库的五种特征模式,并引入了一种利用多流特征进行识别的技术;在行为特征识别领域,提出了一种基于分形理论进行分类的检测技术;此外,在业务识别的基础上,需要对特定业务进行限制、干扰甚至阻断,本文研究了旁路部署模式下的流量控制技术,在面向无连接的UDP干扰阻断技术方面,提出了四种具体的干扰和控制方法及思路,能够覆盖大多数基于UDP的P2P应用的干扰控制。
2、在Web推送业务方面,分析目前主流的Web推送和广告推送技术实现原理,提出了一种Web推送的方法,同时比较了四种主流Web推送方案的优缺点,并分析了各方案所适用的场景,最后从用户、推送内容、推送类型三个层面对推送业务管理策略提出了建议,使Web推送能更好的具备定制化和针对性,从而促进业务增值的拓展。
3、在共享接入检测方面,鉴于其既属于基础流控平台又属于业务范畴的重要性,通过对当前主流的共享接入主机数目检测技术深入的分析,提出了5种检测算法,包括被动Cookie算法、内网IP算法、主动Cookie算法、系统时间算法和MTU算法,按照主动算法和被动算法进行分类,总结了各个算法的优缺点,指出了当前各算法所具有的场景局限性。在此基础上,提出了一种综合性共享上网主机数目检测的模型和系统,建立了先使用被动算法区分用户类型再使用主动算法进行精确主机数目判断的模型,设计了一种可扩展的检测系统,在提高算法准确度的同时,极大地避免了正常用户受到影响,适应于各种不同的检测场景。
4、引入多轨迹识别的概念,对多轨迹识别问题建立了数学模型,并将一类轨迹——恒变循环轨迹的问题归结为特例的剩余类循环轨迹的问题,基于这类轨迹提出了基于冒泡原理的多轨迹识别算法,通过利用各轨迹之间的交替特性依次使各轨迹浮出,容错性能好,在理论上证明了算法的收敛性,利用IPID变化规律具有恒变循环轨迹特征可用于共享接入检测来进行验证,实验证明该算法大大提高了检测效率,对异常情况更具容忍度。
5、在多轨迹识别理论方面,定义了另一类轨迹——二值异或群循环轨迹,并针对这类轨迹提出了高效的检测算法,通过将求解与基轨迹相异或的元素值的问题转化为求解每一特征位的模式问题,极大地提高了算法的可操作性和准确高效性。利用DNS变化规律具备二值异或群循环轨迹特征进行实验,表明该算法需要较少的样本数据即可进行检测,具有较好的容忍度和准确度。
Along with the emergence of more and more Internet and NGN (Next Generation Network) technologies, the number of broadband-access users has increased sharply; meanwhile, network applications become wider and wider so that great changes have taken place in operation environment. The appearance of various network applications, such as P2P, VoIP, VoD, IPTV, Game online, IM etc., needs more and more quality and bandwidth. In modern times, unsupervised VoIP service, P2P service, abnormal traffic and unmanaged shared access ties up a lot of bandwidth. The situation makes operation and management mode of traditional carriers to be in an extremely vulnerable position. The carriers gradually lose control of network applications; in the meantime, they increase financial input to improve network capacity which can't help them to share revenue of value added service because of serious network chanelized state. So it's so embarrassed for the traditional carriers. The severe case forces them to manage and operate the network in fine-grained level and provide diverse network services. From service monitoring and primary operation to advanced operation, they can provide management means and customized services for traffic inspection and service operation to improve their service quality. Aiming at the status and requirement, the paper mainly studies the technologies of traffic flow monitoring oriented to service recognition from the view of carriers, which can exhumate user application type and user behavior deeply, reduce the service losses result from shared access and raise their income of value added service by information push based on network traffic monitoring to play a pivotal role in transformation on carriers from channel provider to service provider.
The paper radiates in service inspection, traffic control and interruption, shared access detection and Web push technology on the basis of service gathering and analysis technology. The key techniques are studied and solved in the service implementation to meet the needs of various application scenes and aspects to network monitoring and service. There are several features of the work as follows:
1. In respect of service inspection and monitoring field, this paper does some research on service detection techniques from port-based, feature-based to user behavior-based technologies and service interrupt technologies based on TCP and UDP, especially traffic classification algorithms based on expert base and behavior feature. The paper proposes five feature mode of expert base in the detection field based on expert base and puts forward a new multi-flow detection technology which can solve some problem of difficulty to recognise some enciphered data, besides, it presents a new classification technology based on fractal dimension in behavior feature detection field to utilize the attribution of self-similarity in P2P application traffic for identification. Restriction, interference and interruption to special service flow are needed after identifying related service. Because the control technology in straight deployment mode has been mature and is easy to implement, the research on flow control technology in bypass deployment mode is a key point and a difficult one especially for connectionless UDP application. The paper also suggests 4 methods and concepts for controlling UDP application which can cover the mainstream UDP service traffic.
2. In respect of Web push service field, after analyzing the popular Web push and advertisement push technologies, the paper proposes a new Web push approach, and then compares the shortages and advantages of 4 main Web push methods and comes to the conclusion of the scenario that each approach is fit for. Finally, the paper advised the policy of push service management to be considered from three levels, namely:user type, content to push and presentation way so that Web push has the quality of customization and relevance which can promote business development better.
3. In respect of shared access detection field, the paper processes it as the most important study. By making detail analysis and deep study to the popular detection technologies for NATed hosts, the paper proposes 5 new types of detection algorithms, including passive Cookie algorithm, Inner-IP algorithm, active Cookie algorithm, system time algorithm and MTU algorithm. Then all the algorithms fall into two groups:passive algorithm and active algorithm. Finally the paper analyzes the merits and demerits of these algorithms and points out their limitation on application scenes. Based on this, the paper puts forwards an integrative model and system based on features of each algorithm. At first end users are classified according to user states, then the system makes use of passive algorithms to determine user type, after that utilizes active algorithms to calculate the number of NATed hosts exactly. This detection system has good scalability and hierarchy and can makes a new detection algorithm integrated easily, moreover it improves the accuracy of detection and avoids normal user experience to be interrupted.
4. The paper introduces multi-track separating concept for the first time and builds the mathematical model of multi-track separating theory to deepen the technology of shared access detection so that the related theory and algorithms can be extended to more application areas. Meantime, the notion of constant-step circular track is present which can be finally turned into residue class circular track problem. The paper provides a multi-track separating algorithm based on bubble principle which separates tracks in accordance with descending order in attribute values by using the feature of variances about multi-tracks in turn, rather than applying the traditional separating method by track interval. The results indicate that this approach is highly accurate and convergent by detecting shared access hosts using the change regularity of IPID which has the character of constant-step circular track.
5. In respect of the multi-track separating theory field, the paper defines a new type of track that is called binary XOR group circular track and then proposes a new separating algorithm for the kind of track, by which solving the element that is performed XOR operation with base track can be converted into deciding eigen bit mode of the track. It proves to be correct in theory and improves the operability and efficiency greatly. The results indicate that this approach is with high accuracy and tolerance of mis-report and needs small sample size to achieve the detection goals by detecting shared access hosts using the change regularity of DNS which has the character of XOR group circular track.
引文
[1]Day J D, Zimmermann H. The OSI reference model[J]. Proceedings of the IEEE.1983,71(12):1334-1340.
[2]ISO I S.7498[S]. Information Processing System-Open System Interconnecti-ons-Basic Reference Model.1983.
[3]傅丰铭.ISO/OSI开放系统互连参考模型和TCP/IP协议[J].现代电子工程.1997(001):57-64.
[4]刘烨.OSI参考模型与TCP/IP参考模型的比较研究[J].信息技术.2009(011):127-128.
[5]Postel J. RFC 791:Internet protocol[S].1981.
[6]Postel J. Transmission Control Protocol (TCP)-RFC 793[S]. September,1981.
[7]Postel J. RFC 768:User datagram protocol[S]. Network Information Center, August.1980,18.
[8]白华斌,李哲.VoIP的发展及其应用[J].中国多媒体通信.2009(005):16-20.
[9]张登银,孙精科.VoIP技术分析与系统设计[M].人民邮电出版社,2003:446.
[10]Rec I. H.323:Packet-based multimedia communication systems[S].1998.
[11]Itu-t R. H.245:Control protocol for multimedia communication[S].2008.
[12]Itu-t R. H.225.0:Call signalling protocols and media stream packetization for packet-based multimedia communication systems[S].2008.
[13]Rosenberg J, Schulzrinne H, Camarillo G, et al. SIP:Session Initiation Protocol (RFC 3261)[S]. Internet Engineering Task Force.2002.
[14]Andreasen F, Foster B. MGCP:Media Gateway Control Protocol (RFC 3435)[S]. Internet Engineering Task Force RFC.2003.
[15]Cuervo F, Greene N, Rayhan A, et al. Megaco Protocol Version 1.0 (RFC 3015)[S]. Internet Engineering Task Force.2000.
[16]Itu-t R. Gateway control protocol:Version 3[S].2005.
[17]Schulzrinne H, Casner S, Frederick R, et al. RTP:A transport protocol for real-time applications (rfc 3550)[S]. Internet Engineering Task Force, Network Working Group.2003.
[18]邹益民,杜江.基于H.323的VoIP监听模型的设计与实现[J].计算机应用.2008,28(006):1401-1403.
[19]ITU-T R. ASN.1 encoding rules:Specification of Packed Encoding Rules (PER)[S].2008.
[20]钱奕,张川,张镭.ASN.1及其PER编码在视频会议系统中的应用研究[J].计算机工程与设计.2006,27(010):1908-1910.
[21]Handley M, Jacobson V. SDP:Session Description Protocol (RFC 2327)[S]. IETF.1998.
[22]Johnston A, Donovan S, Sparks R, et al. SIP Basic Call Flow Examples (RFC 3665)[S]. IETF,2003.
[23]Davidson J, Peters J, BhatiaM(高艳译).VOIP技术架构[M].北京人民邮电出版社,2008.
[24]Baset S A, Schulzrinne H. An analysis of the skype peer-to-peer internet telephony protocol[C]. Citeseer,2006.
[25]张茂伟,孙玉峰.Skype协议分析[J].山东通信技术.2007,27(002):29-32.
[26]金海,廖小飞.P2P技术原理及应用[J].中兴通讯技术.2007,13(006):1-5.
[27]邢小良.P2P技术及其应用[M].北京:人民邮电出版社,2008.
[28]徐恪,叶明江,胡懋智.P2P技术现状及未来发展[J].中兴通讯技术.2007,13(006):6-10.
[29]陈姝,周勇林.P2P技术的研究与应用[J].计算机工程与应用.2002,38(013):20-23.
[30]Lua E K, Crowcroft J, Pias M, et al. A survey and comparison of peer-to-peer overlay network schemes[J]. IEEE Communications Surveys & Tutorials.2005,7(2): 72-93.
[31]El-ansary S, Alima L, Brand P, et al. Efficient broadcast in structured P2P networks[J]. Peer-to-Peer Systems Ⅱ.2003:304-314.
[32]Stoica I, Morris R, Liben-nowell D, et al. Chord:a scalable peer-to-peer lookup protocol for internet applications [J]. IEEE/ACM Transactions on networking. 2003,11(1):17-32.
[33]Ratnasamy S, Francis P, Handley M, et al. A scalable content-addressable network[C]. ACM,2001.
[34]Rowstron A, Druschel P. Pastry:Scalable, decentralized object location, and routing for large-scale peer-to-peer systems[C]. Springer,2001.
[35]Zhichen X, Mahalingam M, Karlsson M. Turning Heterogeneity into an Advantage in Overlay Routing[C].2003.
[36]Clarke I, Sandberg O, Wiley B, et al. Freenet:A distributed anonymous information storage and retrieval system [C]. Springer,2009.
[37]Klingberg T, Manfredi R. The gnutella protocol specification v0.6[J]. Technical specification of the Protocol.2002.
[38]FastTrack. Peer-to-Peer technology company[EB/OL]. http://www.FastTrac k.nu/2001.2001.
[39]KaZaA. KaZaA media desktop[EB/OL]. http://www.KaZaA.com/2001.2001.
[40]Jin H, Yao H, Liao X, et al. PKTown:A Peer-to-Peer Middleware to Support IPTV and Multiplayer Online Games[C]. Citeseer,2007.
[41]Cohen B. Bittorrent protocol specifications v1.0[J]. Retrieved Sept 8th.2006.
[42]Cohen B. Incentives build robustness in BitTorrent[C]. Citeseer,2003.
[43]Gerald C, Gilbert R, Hannes R B, et al. Wireshark Open Source Software[DB/CD].1998.
[44]张向东.全球DPI观察之一:深度包检测是驯服P2P流量的法宝[EB/OL].http://blog.sina.com.cn/s/blog_3dc164b001000a4h.html.2007.
[45]Insider L R. Deep Packet Inspection:2009 Market Forecast [EB/OL]. http://www.heavyreading.com/insider/details.asp?sku_id=2299&skuitem_itemid=11 48&promo_code=&aff_code=&next_url=%2Finsider%2Flist%2Easp%3Fpage%5Ft ype%3Dall%5Freports.2009.
[46]流媒体网.1P业务识别与控制系统(DPI)的发展现状与思考[EB/OL].http://pda.c114.net/166/a362847-2.html.2008.
[47]华为技术.多业务控制网关MSCG层次化DPI解决方案[EB/OL].http://www.huawei.com/cn/products/datacomm/catalog.do?id=2147.2008.
[48]IANA. PORT NUMBERS[EB/OL]. http://www.iana.org/assignments/port-numbers.2010.
[49]刘颖秋,李巍,李云春.网络流量分类与应用识别的研究[J].计算机应用 研究.2008,25(005):1492-1495.
[50]Knuth D E, Morris J J, Pratt V R. Fast pattern matching in strings[J]. SIAM Journal on Computing.1977,6:323.
[51]Boyer R S, Moore J S. A fast string searching algorithm[J]. Communications of the ACM.1977,20(10):762-772.
[52]Aho A V, Corasick M J. Efficient string matching:an aid to bibliographic search[J]. Communications of the ACM.1975,18(6):340.
[53]Wa Na. Research on the Identification and Control System for IP Service[J]. Telecommunications Network Technology.2009(11):14-18.
[54]Blake S, Black D, Carlson M, et al. RFC 2475:An Architecture for Differentiated Services[S].1998.
[55]Mahdavi J, Floyd S. TCP-friendly unicast rate-based flow control[J]. Note sent to end2end-interest mailing list.1997.
[56]Bansal D, Balakrishnan H. Binomial congestion control algorithms[C].2001.
[57]Floyd S, Handley M, Padhye J, et al. Equation-based congestion control for unicast applications [J]. ACM SIGCOMM Computer Communication Review.2000, 30(4):56.
[58]Yang Y R, Lam S S. General AIMD congestion control[C]. Published by the IEEE Computer Society,2000.
[59]Rhee I, Ozdemir V, Yi Y. TEAR:TCP emulation at receivers-flow control for multimedia streaming[J]. Department of Computer Science, NCSU," Technical report.2000.
[60]Jacobson V. Congestion avoidance and control[J]. ACM SIGCOMM Computer Communication Review.1995,25(1):187.
[61]Brakmo L S, Peterson L L. TCP Vegas:End to end congestion avoidance on a global Internet[J]. IEEE Journal on selected Areas in communications.1995,13(8): 1465-1480.
[62]Parekh A K, Gallager R G. A generalized processor sharing approach to flow control in integrated services networks:the single-node case[J]. IEEE/ACM Transactions on Networking (TON).1993,1(3):344-357.
[63]Demers A, Keshav S, Shenker S. Analysis and simulation of a fair queueing algorithm[C]. ACM,1989.
[64]Braden B, Clark D, Crowcroft J, et al. RFC2309:Recommendations on queue management and congestion avoidance in the internet[S]. Internet RFCs.1998.
[65]Floyd S, Jacobson V. Random early detection gateways for congestion avoidance[J]. IEEE/ACM Transactions on networking.1993,1(4):397-413.
[66]任丰原,林闯,刘卫东.IP网络中的拥塞控制[J].计算机学报.2003,26(009):1025-1034.
[67]El-marakby R, Hutchison D. Towards managed real-time communications in the internet environment[C]. Citeseer,1997.
[68]Min Y D. A Modified Adaptive Transmitted Control Strategy for Real Time Multimedia[J]. Computer Engineering and Applications.2004,19.
[69]蒋建国,苏兆品,李援,et al.RTP/RTCP自适应流量控制算法[J].电子学报.2006,34(009):1659-1662.
[70]Liang J, Nahrstedt K. RandPeer:Membership Management for QoS Sensitive Peer to Peer Applications[J]. Urbana.2005,51:61801.
[71]韦安明,王洪波,程时端,et al.高速网络中P2P流量检测及控制方法[J].北京邮电大学学报.2007,30(005):117-120.
[72]Postel J. RFC792:Internet Control Message Protocol[S]. Information Sciences Institute, University of Southern California.1981.
[73]协议漏洞.ICMP协议的缺陷[EB/OL].http://luthersun.spaces.live.com/blog/ cns!56712ED2EA691FAA!153.entry.2008.
[74]Mogul J C, Deering S E. RFC1191:Path MTU Discovery[S]. Internet Requests for Comments.1990.
[75]Baker F. Requirements for IP version 4 routers[S]. RFC 1812, June 1995, 1995.
[76]杨虎,张大方,谢鲲,et al. Netfilter/Iptables框架下基于TCP滑动窗口的串行流量控制算法[J].计算机工程与科学.2009,31(010):8-11.
[77]刘利锋,林冠洲.对数据流量进行控制的方法及装置200710175907.1[P].
[78]Berners-lee T, Connolly D. Hypertext Markup Language-2.0 (RFC 1866)[S]. September,1995.
[79]Raggett D. HTML 3.2 Reference Specification-W3C Recommendation 14-Jan-1997[S]. W3C-World Wide Web Consortium,[Online] http://www. w3. org/TR/REC-html32. html.1996.
[80]Raggett D, Le H A, Jacobs I. HTML 4.0 Specification[S]. W3C REC REC-htm140-19980424.1998.
[81]Raggett D, Le H A, Jacobs I. HTML 4.01 Specification[S]. W3C recommendation.1999,24.
[82]Price R. ISO/IEC 15445:2000 (E). Hypertext Markup Language[S]. http://www.scss.tcd.ie/misc/15445/15445.HTML,2000.
[83]Hickson I, Hyatt D. HTML 5[S]. The World Wide Web Consortium.(W3C Working Draft). Online verfugbar unter http://www. w3. org/TR/html5/, zuletzt gepr uft am.2008,25:2008.
[84]Pemberton S. XHTML 1.0 The Extensible HyperText Markup Language[S]. W3C Recommendations.2000:1-11.
[85]Pemberton S. XHTML 1.1-module-based XHTML[S]. URL:http://www. w3. org/TR/xhtml11/xhtml11.pdf [accessed 4 October,2003].2001.
[86]Axelsson J, Epperson B, Ishikawa M, et al. XHTML 2.0[S]. W3C Working Draft, Tech. Rep., July.2006.
[87]徐业健,熊鹰.广告推送方法、装置和系统200910091349.X[P].
[88]P2P Software. MYSEE[EB/OL]. http://www.mysee.com.cn/index.htm.2009.
[89]P2P Software. Vagaa[EB/OL]. http://www.vagaa.de/.2009.
[90]Chen H, Hu Z, Ye Z, et al. Research of P2P traffic identification based on neural network[C]. Wuhan, China:IEEE Computer Society,2009.
[91]沈富可,常潘,任肖丽.基于BP神经网络的P2P流量识别研究[J].计算机应用.2007,27(B12):44-45.
[92]Erman J, Mahanti A, Arlitt M. Internet traffic identification using machine learning[C]. San Francisco, CA, United states:Institute of Electrical and Electronics Engineers Inc.,2007.
[93]Liu H, Feng W, Huang Y, et al. A peer-to-peer traffic identification method using machine learning[C]. Guilin, China:Inst. of Elec. and Elec. Eng. Computer Society,2007.
[94]Li Z, Yuan R, Guan X. Accurate Classification of the Internet Traffic Based on the SVM Method[C].2007.
[95]Wang R, Liu Y, Yang Y, et al. Solving the app-level classification problem of P2P traffic Via optimized support vector machines[C]. Jinan, China:Inst. of Elec. and Elec. Eng. Computer Society,2006.
[96]Yang Y X, Wang R, Liu Y, et al. Solving P2P traffic identification problems via optimized support vector machines[C]. Amman, Jordan:Inst. of Elec. and Elec. Eng. Computer Society,2007.
[97]Liu Y, Wang R, Huang H, et al. Applying support vector machine to P2P traffic identification with smooth processing[C].2006.
[98]Gonz C F, Rodr H P, Mart R, et al. Support Vector Machine Detection of Peer-to-Peer Traffic in High-Performance Routers with Packet Sampling[J]. Adaptive and Natural Computing Algorithms.2007:208-217.
[99]Crotti M, Gringoli F, Pelosato P, et al. A statistical approach to IP-level classification of network traffic[C]. Istanbul, Turkey:Institute of Electrical and Electronics Engineers Inc.,2006.
[100]Crotti M, Dusi M, Gringoli F, et al. Traffic classification through simple statistical fingerprinting[J]. ACM SIGCOMM Computer Communication Review. 2007,37(1):16.
[101]Karagiannis T, Broido A, Faloutsos M, et al. Transport layer identification of P2P traffic[C]. Taormina, Italy:Association for Computing Machinery,2004.
[102]Moore A W, Zuev D. Internet traffic classification using bayesian analysis techniques[C]. Banff, AB, Canada:Association for Computing Machinery,2005.
[103]何明波,谭政,宋迪,et al.基于贝叶斯技术的P2P流量识别方法的研究[J].计算机与现代化.2009(011):67-69.
[104]Zuev D, Moore A W. Traffic classification using a statistical approach[C]. Boston, MA, United states:Springer Verlag,2005.
[105]Mcgregor A, Hall M, Lorier P, et al. Flow clustering using machine learning techniques[J]. Passive and Active Network Measurement.2004:205-214.
[106]Erman J, Arlitt M, Mahanti A. Traffic classification using clustering algorithms[C]. ACM,2006.
[107]谭炜,吴健.基于半监督学习的P2P协议识别[J].计算机工程与设计.2009(002):291-293.
[108]Zhou X, Wang Z. Application of Markov chain in Ip traffic classification[C]. Wuhan, Hubei, China:Inst. of Elec. and Elec. Eng. Computer Society,2009.
[109]Shusen L, Ruchuan W. A P2P Traffic Control and Management System Based on Hidden Markov Model[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science).2009,29(004):74-78.
[110]Shuyong Z, Quan Z, Chaojing T. Technique of Protocol Identification Using Profile Hidden Markov Model[J]. Modern Electronics Technique.2008,31(024): 131-134.
[111]Leland W E, Taqqu M S, Willinger W, et al. On the self-similar nature of Ethernet traffic (extended version)[J]. IEEE/ACM Transactions on networking.1994, 2(1):1-15.
[112]Crovella M E, Bestavros A. Self-similarity in world wide web traffic[J]. ACM SIGMETRICS Performance Evaluation Review.1996,24(1):160-169.
[113]Erramilli A, Roughan M, Veitch D, et al. Self-similar traffic and network dynamics[J]. Proceedings of the IEEE.2002,90(5):800-819.
[114]Doi H, Matsuda T, Yamamoto M. Performance evaluation of multi-fractal nature of TCP traffic with RED gateway[C].2004.
[115]Liebovitch L S, Toth T. A fast algorithm to determine fractal dimensions by box counting[J]. Physics Letters A.1989,141(8-9):386-390.
[116]Braden R. RFC1122:Requirements for Internet Hosts-Communication Layers[S]. RFC Editor United States.1989.
[117]P2P Software. Kugoo Music[EB/OL]. http://www.kugou.com/.2008.
[118]刘强,王飞,武巧荣,et al.一种网络信息的推送方法和装置200810186134.1[P].
[119]汪渝波,赵振平,皱畅根.WEB信息推送所使用的HTTP响应合成方法200610040853.3[P].
[120]Rosenberg J, Weinberger J, Huitema C. RFC 3489:STUN-Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)[R]. IETF,2003.
[121]Leech M, Ganis M, Lee Y, et al. RFC 1928:SOCKS Protocol Version 5[S]. 1996.
[122]Mei Y. Analysis of ICS Detecting Technology Principle[J]. Modern Computer. 2008(004):91-92.
[123]Bellovin S M. A technique for counting NATted hosts[C]. ACM New York, NY, USA,2002.
[124]Shuyu C, Xiuhuan H. IPID Shared Access Model Research and Implementation[J]. Journal of Chongqing Institute of Technology(Natural Science). 2008,22(008):94-96.
[125]Tan C. The principle and application of modern NAT detect technology[J]. Electronic Instrumentation Customer.2006,5(5).
[126]Jacobson V, Braden R, Borman D. RFC1323:TCP extensions for high performance[S].1992.
[127]Kohno T, Broido A, Claffy K C. Remote physical device fingerprinting[J]. IEEE Transactions on Dependable and Secure Computing.2005,2(2):93-108.
[128]辛阳,刘利锋,郑志彬,et al.检测主机数量的方法、装置与系统及通信方法200710096247.8[P].
[129]王飞,刘利锋,郑志彬.一种活动主机数量的检测方法及装置200610057572.9[P].
[130]Kristol D, Montulli L. RFC2965:HTTP State Management Mechanism[S]. 2000.
[131]Fielding R, Gettys J, Mogul J, et al. RFC2616:Hypertext Transfer Protocol--HTTP/1.1[S].1999.
[132]Mills D L. RFC 958:Network time protocol (NTP)[S]. Internet Engineer Task Force,1985.
[133]Dornhoff L L, Hohn F E. Applied modern algebra[M]. MacMillan Publishing Co., Inc., New York.1977,266:270.
[134]Stevens W R. TCP/IP illustrated (vol.1):the protocols[M]. Addison-Wesley Longman Publishing Co., Inc. Boston, MA, USA,1993.
[135]Spitzner L. Know your enemy:Passive fingerprinting[J]. Honeynet Project. 2003.
[136]丁文霞,卢焕章,谢剑斌.混沌二值序列对异或运算构成群的理论和实验证明[J].系统工程与电子技术.2006,28(009):1420-1422.
[137]Mockapetris P. RFC 1034:Domain names-concepts and facilities, November 1987[S].1987.
[138]Mockapetris P. RFC 1035—Domain names—implementation and specification, November 1987[S].1987.
[139]Klein A. Microsoft Windows DNS Stub Resolver Cache Poisoning[J]. URL http://www.trusteer.com/files/Microsoft_Windows_resolver_DNS_cache_poisoning. pdf.2007.
[140]Microsoft Security Bulletin MS08-020—Important; Vulnerability in DNS Client Could Allow Spoofing[J]. URL http://www.microsoft.com/technet/security /Bulletin/MS08-020.mspx.2008.
[141]Deering S, Hinden R. RFC 2460:Internet Protocol[S]. Version 6(IPv6) Specification.1998.
[142]Kent S, Atkinson R. Security architecture for the internet protocol (rfc 2401)[S]. Network Working Group.1998.第125页
[2]ISO I S.7498[S]. Information Processing System-Open System Interconnecti-ons-Basic Reference Model.1983.
[3]傅丰铭.ISO/OSI开放系统互连参考模型和TCP/IP协议[J].现代电子工程.1997(001):57-64.
[4]刘烨.OSI参考模型与TCP/IP参考模型的比较研究[J].信息技术.2009(011):127-128.
[5]Postel J. RFC 791:Internet protocol[S].1981.
[6]Postel J. Transmission Control Protocol (TCP)-RFC 793[S]. September,1981.
[7]Postel J. RFC 768:User datagram protocol[S]. Network Information Center, August.1980,18.
[8]白华斌,李哲.VoIP的发展及其应用[J].中国多媒体通信.2009(005):16-20.
[9]张登银,孙精科.VoIP技术分析与系统设计[M].人民邮电出版社,2003:446.
[10]Rec I. H.323:Packet-based multimedia communication systems[S].1998.
[11]Itu-t R. H.245:Control protocol for multimedia communication[S].2008.
[12]Itu-t R. H.225.0:Call signalling protocols and media stream packetization for packet-based multimedia communication systems[S].2008.
[13]Rosenberg J, Schulzrinne H, Camarillo G, et al. SIP:Session Initiation Protocol (RFC 3261)[S]. Internet Engineering Task Force.2002.
[14]Andreasen F, Foster B. MGCP:Media Gateway Control Protocol (RFC 3435)[S]. Internet Engineering Task Force RFC.2003.
[15]Cuervo F, Greene N, Rayhan A, et al. Megaco Protocol Version 1.0 (RFC 3015)[S]. Internet Engineering Task Force.2000.
[16]Itu-t R. Gateway control protocol:Version 3[S].2005.
[17]Schulzrinne H, Casner S, Frederick R, et al. RTP:A transport protocol for real-time applications (rfc 3550)[S]. Internet Engineering Task Force, Network Working Group.2003.
[18]邹益民,杜江.基于H.323的VoIP监听模型的设计与实现[J].计算机应用.2008,28(006):1401-1403.
[19]ITU-T R. ASN.1 encoding rules:Specification of Packed Encoding Rules (PER)[S].2008.
[20]钱奕,张川,张镭.ASN.1及其PER编码在视频会议系统中的应用研究[J].计算机工程与设计.2006,27(010):1908-1910.
[21]Handley M, Jacobson V. SDP:Session Description Protocol (RFC 2327)[S]. IETF.1998.
[22]Johnston A, Donovan S, Sparks R, et al. SIP Basic Call Flow Examples (RFC 3665)[S]. IETF,2003.
[23]Davidson J, Peters J, BhatiaM(高艳译).VOIP技术架构[M].北京人民邮电出版社,2008.
[24]Baset S A, Schulzrinne H. An analysis of the skype peer-to-peer internet telephony protocol[C]. Citeseer,2006.
[25]张茂伟,孙玉峰.Skype协议分析[J].山东通信技术.2007,27(002):29-32.
[26]金海,廖小飞.P2P技术原理及应用[J].中兴通讯技术.2007,13(006):1-5.
[27]邢小良.P2P技术及其应用[M].北京:人民邮电出版社,2008.
[28]徐恪,叶明江,胡懋智.P2P技术现状及未来发展[J].中兴通讯技术.2007,13(006):6-10.
[29]陈姝,周勇林.P2P技术的研究与应用[J].计算机工程与应用.2002,38(013):20-23.
[30]Lua E K, Crowcroft J, Pias M, et al. A survey and comparison of peer-to-peer overlay network schemes[J]. IEEE Communications Surveys & Tutorials.2005,7(2): 72-93.
[31]El-ansary S, Alima L, Brand P, et al. Efficient broadcast in structured P2P networks[J]. Peer-to-Peer Systems Ⅱ.2003:304-314.
[32]Stoica I, Morris R, Liben-nowell D, et al. Chord:a scalable peer-to-peer lookup protocol for internet applications [J]. IEEE/ACM Transactions on networking. 2003,11(1):17-32.
[33]Ratnasamy S, Francis P, Handley M, et al. A scalable content-addressable network[C]. ACM,2001.
[34]Rowstron A, Druschel P. Pastry:Scalable, decentralized object location, and routing for large-scale peer-to-peer systems[C]. Springer,2001.
[35]Zhichen X, Mahalingam M, Karlsson M. Turning Heterogeneity into an Advantage in Overlay Routing[C].2003.
[36]Clarke I, Sandberg O, Wiley B, et al. Freenet:A distributed anonymous information storage and retrieval system [C]. Springer,2009.
[37]Klingberg T, Manfredi R. The gnutella protocol specification v0.6[J]. Technical specification of the Protocol.2002.
[38]FastTrack. Peer-to-Peer technology company[EB/OL]. http://www.FastTrac k.nu/2001.2001.
[39]KaZaA. KaZaA media desktop[EB/OL]. http://www.KaZaA.com/2001.2001.
[40]Jin H, Yao H, Liao X, et al. PKTown:A Peer-to-Peer Middleware to Support IPTV and Multiplayer Online Games[C]. Citeseer,2007.
[41]Cohen B. Bittorrent protocol specifications v1.0[J]. Retrieved Sept 8th.2006.
[42]Cohen B. Incentives build robustness in BitTorrent[C]. Citeseer,2003.
[43]Gerald C, Gilbert R, Hannes R B, et al. Wireshark Open Source Software[DB/CD].1998.
[44]张向东.全球DPI观察之一:深度包检测是驯服P2P流量的法宝[EB/OL].http://blog.sina.com.cn/s/blog_3dc164b001000a4h.html.2007.
[45]Insider L R. Deep Packet Inspection:2009 Market Forecast [EB/OL]. http://www.heavyreading.com/insider/details.asp?sku_id=2299&skuitem_itemid=11 48&promo_code=&aff_code=&next_url=%2Finsider%2Flist%2Easp%3Fpage%5Ft ype%3Dall%5Freports.2009.
[46]流媒体网.1P业务识别与控制系统(DPI)的发展现状与思考[EB/OL].http://pda.c114.net/166/a362847-2.html.2008.
[47]华为技术.多业务控制网关MSCG层次化DPI解决方案[EB/OL].http://www.huawei.com/cn/products/datacomm/catalog.do?id=2147.2008.
[48]IANA. PORT NUMBERS[EB/OL]. http://www.iana.org/assignments/port-numbers.2010.
[49]刘颖秋,李巍,李云春.网络流量分类与应用识别的研究[J].计算机应用 研究.2008,25(005):1492-1495.
[50]Knuth D E, Morris J J, Pratt V R. Fast pattern matching in strings[J]. SIAM Journal on Computing.1977,6:323.
[51]Boyer R S, Moore J S. A fast string searching algorithm[J]. Communications of the ACM.1977,20(10):762-772.
[52]Aho A V, Corasick M J. Efficient string matching:an aid to bibliographic search[J]. Communications of the ACM.1975,18(6):340.
[53]Wa Na. Research on the Identification and Control System for IP Service[J]. Telecommunications Network Technology.2009(11):14-18.
[54]Blake S, Black D, Carlson M, et al. RFC 2475:An Architecture for Differentiated Services[S].1998.
[55]Mahdavi J, Floyd S. TCP-friendly unicast rate-based flow control[J]. Note sent to end2end-interest mailing list.1997.
[56]Bansal D, Balakrishnan H. Binomial congestion control algorithms[C].2001.
[57]Floyd S, Handley M, Padhye J, et al. Equation-based congestion control for unicast applications [J]. ACM SIGCOMM Computer Communication Review.2000, 30(4):56.
[58]Yang Y R, Lam S S. General AIMD congestion control[C]. Published by the IEEE Computer Society,2000.
[59]Rhee I, Ozdemir V, Yi Y. TEAR:TCP emulation at receivers-flow control for multimedia streaming[J]. Department of Computer Science, NCSU," Technical report.2000.
[60]Jacobson V. Congestion avoidance and control[J]. ACM SIGCOMM Computer Communication Review.1995,25(1):187.
[61]Brakmo L S, Peterson L L. TCP Vegas:End to end congestion avoidance on a global Internet[J]. IEEE Journal on selected Areas in communications.1995,13(8): 1465-1480.
[62]Parekh A K, Gallager R G. A generalized processor sharing approach to flow control in integrated services networks:the single-node case[J]. IEEE/ACM Transactions on Networking (TON).1993,1(3):344-357.
[63]Demers A, Keshav S, Shenker S. Analysis and simulation of a fair queueing algorithm[C]. ACM,1989.
[64]Braden B, Clark D, Crowcroft J, et al. RFC2309:Recommendations on queue management and congestion avoidance in the internet[S]. Internet RFCs.1998.
[65]Floyd S, Jacobson V. Random early detection gateways for congestion avoidance[J]. IEEE/ACM Transactions on networking.1993,1(4):397-413.
[66]任丰原,林闯,刘卫东.IP网络中的拥塞控制[J].计算机学报.2003,26(009):1025-1034.
[67]El-marakby R, Hutchison D. Towards managed real-time communications in the internet environment[C]. Citeseer,1997.
[68]Min Y D. A Modified Adaptive Transmitted Control Strategy for Real Time Multimedia[J]. Computer Engineering and Applications.2004,19.
[69]蒋建国,苏兆品,李援,et al.RTP/RTCP自适应流量控制算法[J].电子学报.2006,34(009):1659-1662.
[70]Liang J, Nahrstedt K. RandPeer:Membership Management for QoS Sensitive Peer to Peer Applications[J]. Urbana.2005,51:61801.
[71]韦安明,王洪波,程时端,et al.高速网络中P2P流量检测及控制方法[J].北京邮电大学学报.2007,30(005):117-120.
[72]Postel J. RFC792:Internet Control Message Protocol[S]. Information Sciences Institute, University of Southern California.1981.
[73]协议漏洞.ICMP协议的缺陷[EB/OL].http://luthersun.spaces.live.com/blog/ cns!56712ED2EA691FAA!153.entry.2008.
[74]Mogul J C, Deering S E. RFC1191:Path MTU Discovery[S]. Internet Requests for Comments.1990.
[75]Baker F. Requirements for IP version 4 routers[S]. RFC 1812, June 1995, 1995.
[76]杨虎,张大方,谢鲲,et al. Netfilter/Iptables框架下基于TCP滑动窗口的串行流量控制算法[J].计算机工程与科学.2009,31(010):8-11.
[77]刘利锋,林冠洲.对数据流量进行控制的方法及装置200710175907.1[P].
[78]Berners-lee T, Connolly D. Hypertext Markup Language-2.0 (RFC 1866)[S]. September,1995.
[79]Raggett D. HTML 3.2 Reference Specification-W3C Recommendation 14-Jan-1997[S]. W3C-World Wide Web Consortium,[Online] http://www. w3. org/TR/REC-html32. html.1996.
[80]Raggett D, Le H A, Jacobs I. HTML 4.0 Specification[S]. W3C REC REC-htm140-19980424.1998.
[81]Raggett D, Le H A, Jacobs I. HTML 4.01 Specification[S]. W3C recommendation.1999,24.
[82]Price R. ISO/IEC 15445:2000 (E). Hypertext Markup Language[S]. http://www.scss.tcd.ie/misc/15445/15445.HTML,2000.
[83]Hickson I, Hyatt D. HTML 5[S]. The World Wide Web Consortium.(W3C Working Draft). Online verfugbar unter http://www. w3. org/TR/html5/, zuletzt gepr uft am.2008,25:2008.
[84]Pemberton S. XHTML 1.0 The Extensible HyperText Markup Language[S]. W3C Recommendations.2000:1-11.
[85]Pemberton S. XHTML 1.1-module-based XHTML[S]. URL:http://www. w3. org/TR/xhtml11/xhtml11.pdf [accessed 4 October,2003].2001.
[86]Axelsson J, Epperson B, Ishikawa M, et al. XHTML 2.0[S]. W3C Working Draft, Tech. Rep., July.2006.
[87]徐业健,熊鹰.广告推送方法、装置和系统200910091349.X[P].
[88]P2P Software. MYSEE[EB/OL]. http://www.mysee.com.cn/index.htm.2009.
[89]P2P Software. Vagaa[EB/OL]. http://www.vagaa.de/.2009.
[90]Chen H, Hu Z, Ye Z, et al. Research of P2P traffic identification based on neural network[C]. Wuhan, China:IEEE Computer Society,2009.
[91]沈富可,常潘,任肖丽.基于BP神经网络的P2P流量识别研究[J].计算机应用.2007,27(B12):44-45.
[92]Erman J, Mahanti A, Arlitt M. Internet traffic identification using machine learning[C]. San Francisco, CA, United states:Institute of Electrical and Electronics Engineers Inc.,2007.
[93]Liu H, Feng W, Huang Y, et al. A peer-to-peer traffic identification method using machine learning[C]. Guilin, China:Inst. of Elec. and Elec. Eng. Computer Society,2007.
[94]Li Z, Yuan R, Guan X. Accurate Classification of the Internet Traffic Based on the SVM Method[C].2007.
[95]Wang R, Liu Y, Yang Y, et al. Solving the app-level classification problem of P2P traffic Via optimized support vector machines[C]. Jinan, China:Inst. of Elec. and Elec. Eng. Computer Society,2006.
[96]Yang Y X, Wang R, Liu Y, et al. Solving P2P traffic identification problems via optimized support vector machines[C]. Amman, Jordan:Inst. of Elec. and Elec. Eng. Computer Society,2007.
[97]Liu Y, Wang R, Huang H, et al. Applying support vector machine to P2P traffic identification with smooth processing[C].2006.
[98]Gonz C F, Rodr H P, Mart R, et al. Support Vector Machine Detection of Peer-to-Peer Traffic in High-Performance Routers with Packet Sampling[J]. Adaptive and Natural Computing Algorithms.2007:208-217.
[99]Crotti M, Gringoli F, Pelosato P, et al. A statistical approach to IP-level classification of network traffic[C]. Istanbul, Turkey:Institute of Electrical and Electronics Engineers Inc.,2006.
[100]Crotti M, Dusi M, Gringoli F, et al. Traffic classification through simple statistical fingerprinting[J]. ACM SIGCOMM Computer Communication Review. 2007,37(1):16.
[101]Karagiannis T, Broido A, Faloutsos M, et al. Transport layer identification of P2P traffic[C]. Taormina, Italy:Association for Computing Machinery,2004.
[102]Moore A W, Zuev D. Internet traffic classification using bayesian analysis techniques[C]. Banff, AB, Canada:Association for Computing Machinery,2005.
[103]何明波,谭政,宋迪,et al.基于贝叶斯技术的P2P流量识别方法的研究[J].计算机与现代化.2009(011):67-69.
[104]Zuev D, Moore A W. Traffic classification using a statistical approach[C]. Boston, MA, United states:Springer Verlag,2005.
[105]Mcgregor A, Hall M, Lorier P, et al. Flow clustering using machine learning techniques[J]. Passive and Active Network Measurement.2004:205-214.
[106]Erman J, Arlitt M, Mahanti A. Traffic classification using clustering algorithms[C]. ACM,2006.
[107]谭炜,吴健.基于半监督学习的P2P协议识别[J].计算机工程与设计.2009(002):291-293.
[108]Zhou X, Wang Z. Application of Markov chain in Ip traffic classification[C]. Wuhan, Hubei, China:Inst. of Elec. and Elec. Eng. Computer Society,2009.
[109]Shusen L, Ruchuan W. A P2P Traffic Control and Management System Based on Hidden Markov Model[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science).2009,29(004):74-78.
[110]Shuyong Z, Quan Z, Chaojing T. Technique of Protocol Identification Using Profile Hidden Markov Model[J]. Modern Electronics Technique.2008,31(024): 131-134.
[111]Leland W E, Taqqu M S, Willinger W, et al. On the self-similar nature of Ethernet traffic (extended version)[J]. IEEE/ACM Transactions on networking.1994, 2(1):1-15.
[112]Crovella M E, Bestavros A. Self-similarity in world wide web traffic[J]. ACM SIGMETRICS Performance Evaluation Review.1996,24(1):160-169.
[113]Erramilli A, Roughan M, Veitch D, et al. Self-similar traffic and network dynamics[J]. Proceedings of the IEEE.2002,90(5):800-819.
[114]Doi H, Matsuda T, Yamamoto M. Performance evaluation of multi-fractal nature of TCP traffic with RED gateway[C].2004.
[115]Liebovitch L S, Toth T. A fast algorithm to determine fractal dimensions by box counting[J]. Physics Letters A.1989,141(8-9):386-390.
[116]Braden R. RFC1122:Requirements for Internet Hosts-Communication Layers[S]. RFC Editor United States.1989.
[117]P2P Software. Kugoo Music[EB/OL]. http://www.kugou.com/.2008.
[118]刘强,王飞,武巧荣,et al.一种网络信息的推送方法和装置200810186134.1[P].
[119]汪渝波,赵振平,皱畅根.WEB信息推送所使用的HTTP响应合成方法200610040853.3[P].
[120]Rosenberg J, Weinberger J, Huitema C. RFC 3489:STUN-Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)[R]. IETF,2003.
[121]Leech M, Ganis M, Lee Y, et al. RFC 1928:SOCKS Protocol Version 5[S]. 1996.
[122]Mei Y. Analysis of ICS Detecting Technology Principle[J]. Modern Computer. 2008(004):91-92.
[123]Bellovin S M. A technique for counting NATted hosts[C]. ACM New York, NY, USA,2002.
[124]Shuyu C, Xiuhuan H. IPID Shared Access Model Research and Implementation[J]. Journal of Chongqing Institute of Technology(Natural Science). 2008,22(008):94-96.
[125]Tan C. The principle and application of modern NAT detect technology[J]. Electronic Instrumentation Customer.2006,5(5).
[126]Jacobson V, Braden R, Borman D. RFC1323:TCP extensions for high performance[S].1992.
[127]Kohno T, Broido A, Claffy K C. Remote physical device fingerprinting[J]. IEEE Transactions on Dependable and Secure Computing.2005,2(2):93-108.
[128]辛阳,刘利锋,郑志彬,et al.检测主机数量的方法、装置与系统及通信方法200710096247.8[P].
[129]王飞,刘利锋,郑志彬.一种活动主机数量的检测方法及装置200610057572.9[P].
[130]Kristol D, Montulli L. RFC2965:HTTP State Management Mechanism[S]. 2000.
[131]Fielding R, Gettys J, Mogul J, et al. RFC2616:Hypertext Transfer Protocol--HTTP/1.1[S].1999.
[132]Mills D L. RFC 958:Network time protocol (NTP)[S]. Internet Engineer Task Force,1985.
[133]Dornhoff L L, Hohn F E. Applied modern algebra[M]. MacMillan Publishing Co., Inc., New York.1977,266:270.
[134]Stevens W R. TCP/IP illustrated (vol.1):the protocols[M]. Addison-Wesley Longman Publishing Co., Inc. Boston, MA, USA,1993.
[135]Spitzner L. Know your enemy:Passive fingerprinting[J]. Honeynet Project. 2003.
[136]丁文霞,卢焕章,谢剑斌.混沌二值序列对异或运算构成群的理论和实验证明[J].系统工程与电子技术.2006,28(009):1420-1422.
[137]Mockapetris P. RFC 1034:Domain names-concepts and facilities, November 1987[S].1987.
[138]Mockapetris P. RFC 1035—Domain names—implementation and specification, November 1987[S].1987.
[139]Klein A. Microsoft Windows DNS Stub Resolver Cache Poisoning[J]. URL http://www.trusteer.com/files/Microsoft_Windows_resolver_DNS_cache_poisoning. pdf.2007.
[140]Microsoft Security Bulletin MS08-020—Important; Vulnerability in DNS Client Could Allow Spoofing[J]. URL http://www.microsoft.com/technet/security /Bulletin/MS08-020.mspx.2008.
[141]Deering S, Hinden R. RFC 2460:Internet Protocol[S]. Version 6(IPv6) Specification.1998.
[142]Kent S, Atkinson R. Security architecture for the internet protocol (rfc 2401)[S]. Network Working Group.1998.第125页