CAJ | 학술논문

针对当前P2P流量消耗大量带宽，降低接入网络性能的问题，采用规则匹配的方法，借助入侵检测系统Snort的链表结构，设计了一种局域网P2P流量识别系统，该系统综合使用端口识别和特征匹配两种传统方法进行检测，并采用一种动态规则匹配机制，增加选项索引链表，对规则匹配的次序进行动态调整，从而提高规则匹配的速度。实验结果表明该系统可迅速发现并准确提示不同P2P流量。
침대당전P2P류량소모대량대관，강저접입망락성능적문제，채용규칙필배적방법，차조입침검측계통Snort적련표결구，설계료일충국역망P2P류량식별계통，해계통종합사용단구식별화특정필배량충전통방법진행검측，병채용일충동태규칙필배궤제，증가선항색인련표，대규칙필배적차서진행동태조정，종이제고규칙필배적속도。실험결과표명해계통가신속발현병준학제시불동P2P류량。
Aiming at the high bandwidth assumption of P2P （peer to peer） flow, a LAN P2P flow identification system is designed based on Rule-matching and chain structure of IDS Snort. Two main traditional methods, port identification and feature matching are synthetically used in this system. In order to increase the rule- matching speed effectively, a dynamic mechanism is applied. By a chain of the option index, the sequence of rule-matching is adjusted dynamically. The experimental results indicate that this system can rapidly discover and further accurately alarm the different P2P flow.