
Graduate student: 廖明沂 (Liao, Ming-Yi)
Thesis title: Design and Implementation of a Deep Packet Inspection System (深入網路封包內容檢測系統之設計與實作)
Advisor: 楊竹星 (Yang, Chu-Sing)
Degree: Doctor
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2012
Academic year of graduation: 100
Language: English
Number of pages: 102
Keywords: traffic classification, multi pattern matching, rule matching, NetDPI
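  • Network services and applications have become part of people's lives, and many everyday transactions and procedures are also offered as network services, so managing network services is an important task. To manage network services, traffic must first be classified. Because some network services today do not use fixed ports, and network threats such as botnets and phishing sites also use standard protocols to transmit information and hide within legitimate traffic, it is necessary to classify network traffic by deeply inspecting packet contents, as a basis for network service traffic statistics, quality-of-service control, and network security management. This dissertation builds a new deep packet inspection system, NetDPI, which classifies patterns according to the property that protocol patterns appear at specific offsets in the packet payload, and builds the pattern table on a trie structure to reduce the impact of the number of patterns on performance. For rule matching, the association between rules and patterns is established in advance to simplify rule matching and improve traffic-classification performance. The system provides traffic classification, can supply the identified traffic and recorded connection information to a network management system, and, by sharing the identified connection information, can be used for regional joint defense.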

    Network services and applications are part of people's lives today. With many business transactions taking place over the Internet, managing network services is an important issue. Traffic classification is important for the management of network services. Classifying network traffic by port number is not enough, because some network services do not use fixed ports, and threats such as botnets and phishing sites use standard protocols to transmit data. Therefore, a deep packet inspection system is used to classify network traffic for traffic statistics, quality of service, and network security management. In this dissertation, we propose a new deep packet inspection system named NetDPI and classify the patterns of network protocols based on their offset in the payload. The pattern table is constructed with a trie structure to reduce the effect of the number of patterns. For rule matching, we build the relationship between patterns and rules in advance to simplify rule matching. The proposed algorithms reduce the time cost of traffic classification. The system is implemented in the Linux kernel. It provides traffic classification and sends the classified network services and connection information to the network management system for sharing, to achieve the purpose of zone network defense.

    Chinese Abstract
    Abstract
    Acknowledgement
    Table of Content
    List of Tables
    List of Figures
    Glossaries
    Chapter 1 Introduction
    Chapter 2 Background and Related works
    2.1 Deep Packet Inspection
    2.2 Pattern Matching Algorithm
    2.3 Netfilter
    2.4 Environment of Packet Capture
    Chapter 3 Design Principles for Service Classification
    3.1 Type of Pattern
    3.2 Service Classification Module
    3.3 Construction of Pattern Table
    3.3.1 Define Data Structure of a Trie Node
    3.3.2 Add a Pattern to a Trie
    3.3.3 Pattern Matching Algorithm
    3.4 Fixed Pattern Matching
    3.5 Variable Pattern Matching
    3.6 Arithmetic Pattern Matching
    3.7 Rule Matching
    Chapter 4 Implementation of NetDPI system
    4.1 System Architecture
    4.2 Packet Capture
    4.3 Deep Packet Inspection Module
    4.4 Event Handler
    4.5 Rule Table
    4.6 Private MIB
    Chapter 5 Analysis of NetDPI
    5.1 Fixed Offset Pattern Matching
    5.2 Variable Offset Pattern Matching
    5.3 Arithmetic Pattern Matching
    5.4 Rule Matching
    Chapter 6 Performance Evaluation
    6.1 Experimental Environment
    6.2 Performance of Fixed offset Pattern Matching
    6.3 Performance of Rule Matching
    6.4 Packet Loss Rate
    6.5 GUI of the Proposed DPI System
    Chapter 7 Conclusion and Future Work
    References
    Appendix 1 Network Services in DPI rules
    Appendix 2 Private MIB in NetDPI system
    Biography


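    Full-text availability: on campus, public from 2022-01-01
    Off campus: not public
    The electronic thesis has not yet been authorized for public release; for the print copy, please check the library catalog.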