面向属性迁移状态的P2P网络行为分析方法研究

doi:10.3969/j.issn.1671-1122.2020.01.003

摘要/Abstract

摘要：

文章针对网络中网络带宽占用较大,通信较为频繁的网络行为的通信属性状态的变化特点,提出了面向属性迁移状态的网络通信行为分析方法。通过对各类行为中分阶段迁移状态的属性参数的讨论,给出了不同阶段属性和端口的相应迁移状态特性,研究并提出了P2P行为识别方法。通过实验,验证了该方法对P2P应用的识别效果和可靠性。

关键词: 网络安全, 行为识别, 异常行为检测, 属性分析

Abstract:

For the network property status changes characteristic behaviors of which had greater network bandwidth and more frequent communication, we proposed a network communication behavior analytical method for status migration attribute-oriented. According to the discussing by phased migration status for attribute parameter, we gave the corresponding attributes and characteristics of the different stages for port. And then, we researched the behavior of P2P recognition model. Through the experiments we validated performance and reliability of this method for identifying P2P application.

Key words: network security, behavior identification, anomaly behavior detection, attribute analysis

中图分类号:

TP309

荆涛, 万巍. 面向属性迁移状态的P2P网络行为分析方法研究[J]. 信息网络安全, 2020, 20(1): 16-25.

JING Tao, WAN Wei. Research on a P2P Network Communication Behavior Analytical Method for Status Migration Attribute-oriented[J]. Netinfo Security, 2020, 20(1): 16-25.

图/表 7

表1

表2

表3

表4

表5

表6

表7

参考文献 15

[1]	JIA Yan, HAN Weihong, WANG Wei.Research and Implementation Security Situation Analysis and Prediction System for Large-scale Network[J]. Information Technology and Network Security, 2018, 37(2): 17-22.
	贾焰,韩伟红,王伟.大规模网络安全态势分析系统YHSAS设计与实现[J]. 信息技术与网络安全,2018,37(2):17-22.
[2]	SONG Jiaming.Analysis of Network Abnormal Behavior Based Artifical Intelligence[D]. Beijing: Beijing University of Posts and Telecommunications, 2019.
	宋佳明. 基于人工智能的网络异常行为分析[D].北京:北京邮电大学,2019.
[3]	ZHANG Yanhua, ZHANG Yangsen, MA Hongxia.Method for Mining and Analyzing Network Log Attribute[J]. Application Research of Computers, 2017, 34(5): 1410-1414.
	张艳华,张仰森,马红霞.一种网络日志属性挖掘与分析方法[J].计算机应用研究,2017,34(5):1410-1414.
[4]	YANG Min, ZHANG Shibin, ZHANG Hang, et al.A New User Behavior Evaluation Method in Online Social Network[J]. Journal of Information Security and Applications, 2019, 47(1): 217-222.
[5]	LU Jiazhong.APT Attack Modeling and Detection Technology Based on Depth Analysis of Whole Network Trafficand Logs[D]. Chengdu: University of Electronic Science and Technology of China, 2019.
	卢嘉中. 基于全网流量与日志深度分析的APT攻击建模与检测技术[D].成都:电子科技大学,2019.
[6]	LIU Zhen, WANG Ruoyu, CAI Xianfa, et al.Survey on Trafficfeaturesin Internet Traffic Classification[J]. Application Research of Computers, 2017, 34(1): 8-14, 41.
	刘珍,王若愚,蔡先发,等.互联网流量分类中流量特征研究[J].计算机应用研究,2017,34(1):8-14,41.
[7]	LI Mingyue, LUO Xiangyang, CHAI Lixiang, et al.City-Level IP Geolocation Method Based on Network Node Clustering[J]. Journal of Computer Research and Development, 2019, 56(3): 467-479.
	李明月,罗向阳,柴理想,等.基于网络节点聚类的目标IP城市级定位方法[J].计算机研究与发展,2019,56(3):467-479.
[8]	DU Xiaofeng, CHEN Shiping.A Hybrid P2P Overlay for Multi-attribute Queries in Cloud Computing[J]. Electronic Science and Technology, 2016, 29(7): 47-50.
	杜晓锋,陈世平.云计算环境下支持多属性查找的混合对等网络[J].电子科技,2016,29(7):47-50.
[9]	TAN Xincheng, XIE Yi, MA Haishou, et al.Recognizing the Content Types of Network Traffic Based on A Hybrid DNN-HMM Model[J]. Journal of Network and Computer Applications, 2019, 142(3): 51-62.
[10]	CAO Zhekang.Research and Applicationof Key Technologies for Regional Load Balancing Based on Open WRT System[D]. Zhengzhou: Zhengzhou University, 2018.
	曹哲康. 基于OpenWRT系统的区域负载均衡关键技术研究与应用[D].郑州:郑州大学,2018.
[11]	FRIEDRICH C, MORITZ H, MARCUS C, et al.Peer-to-Peer Sharing and Collaborative Consumption Platforms: A Taxonomy and A Reproducible Analysis[J]. Information Systems and e-Business Management, 2018, 16(2): 293-325.
[12]	HAN Qiyi.Research on The Security Mechanism of P2P Networking Monitoring and Trust Model[D]. Chengdu: University of Electronic Science and Technology of China, 2016.
	韩祺祎. P2P网络监控与信任安全机制研究[D].成都:电子科技大学,2016.
[13]	WANG Pengfei.Identifying Peer-to-Peer Botnets Through Periodicity Behavior Analysis[D]. Jinan: Shandong University, 2018.
	王鹏飞. 基于周期性通讯行为的P2P僵尸网络检测[D].济南:山东大学,2018.
[14]	WANG Jiao.The Study of P2P and Anomaly Traffic Identification Technology Based on Behavior Analysis[D]. Beijing: Beijing University of Posts and Telecommunications, 2008.
	王蛟. 基于行为的P2P流量及异常流量检测技术研究[D].北京:北京邮电大学,2008.
[15]	YUAN Huabing.Study on P2P Network Flow Recognition Algorithm Based on Machine Learning[J]. Computer & Digital Engineering, 2019, 47(10): 2387-2391.
	袁华兵. 一种基于机器学习的P2P网络流量识别算法研究[J].计算机与数字工程,2019,47(10):2387-2391.

活跃地址与否	端口改变与否	端口状态情况
是	否	活跃端口
是	是	更新端口
否	否	更新端口
否	是	更新端口

	BitTorrent	迅雷	PPStream	QQ旋风	PPlive
λ∆t/s	5	5	2	5	3
初始化阶段/s	131	87	32	125	47

k	D_{addr-active-k}	m_k-active	n_active-k	D_{addr-update-k}	m_k-update	n_update-k
31	5.332	63	63	6.130	14	13
32	5.312	57	57	6.127	13	13
33	5.343	61	61	6.127	12	12
34	5.329	62	62	6.135	13	13
35	5.314	61	61	6.129	13	12
36	5.378	59	59	6.130	11	10
37	5.330	64	64	6.133	12	12
38	5.329	63	63	6.208	15	14
39	5.339	63	63	6.189	15	15
40	5.327	65	65	6.192	13	13

k	$\frac{{{D}_{addr-active-k+1}}}{{{D}_{addr-active-k}}}$	$\frac{{{m}_{k+1-active}}}{{{n}_{active-k}}}$	$\frac{{{n}_{active-k+1}}}{{{m}_{k-active}}}$	$\frac{{{D}_{addr-update-k\text{+}1}}}{{{D}_{addr-update-k}}}$	$\frac{{{m}_{k+1-update}}}{{{m}_{k-update}}}$	$\frac{{{n}_{update-k+1}}}{{{n}_{update-k}}}$
31~32	0.996	0.905	0.905	1.000	0.929	1.000
32~33	1.006	1.070	1.070	1.000	0.923	0.923
33~34	0.997	1.016	1.016	1.001	1.083	1.083
34~35	0.997	0.984	0.984	0.999	1.000	0.923
35~36	1.012	0.967	0.967	1.000	0.846	0.833
36~37	0.991	1.085	1.085	1.000	1.091	1.200
37~38	1.000	0.984	0.984	1.012	1.250	1.167
38~39	1.002	1.000	1.000	0.997	1.000	1.071
39~40	0.998	1.032	1.032	1.000	0.867	0.867

k	D_addr_-_active_-_k	m_k_-_active	n_active_-_k	D_addr_-_update_-_k	m_k_-_update	n_update_-_k
81	5.385	60	60	6.442	19	18
82	5.391	57	57	6.988	22	24
83	5.383	57	57	6.537	17	17
84	5.383	57	57	6.54	17	19
85	5.385	58	58	6.491	16	15
86	5.385	58	58	6.483	15	13
87	5.383	57	57	6.491	17	16
88	5.378	52	52	7.052	25	24
89	5.359	51	51	7.135	18	19
90	5.36	51	51	7.139	17	16