近年來P2P (Peer-to-Peer)軟體的使用大幅增加，目前整個網際網路流量大約有70%都是P2P軟體的流量，而且比例還在增加當中。面對如此大量的新種類網路流量，現今文獻上已經有很多研究針對這個問題提出了一些方法，如：通訊埠(Port-based)與字串特徵(Signature-based)等。雖然效果也都不錯，但畢竟這些方法都有一些限制存在。例如：當P2P軟體使用隨機埠(Random Port)時，通訊埠方法將不再有效，甚至會出現相當大比例的誤判與漏判；而且因為一些隱私與安全上的顧慮，有時候網管者不被允許存取封包的資料內容，這樣字串特徵比對方法就會完全失效，更何況最近的P2P軟體為了躲避偵測還將資料內容加密，這樣一來即使可以存取封包的資料部分，此方法還是一樣無效。
為了有效偵測P2P軟體的使用，本論文特別針對目前最熱門且最多人使用的幾項P2P軟體作研究，其中包括：BitTorrent, eMule, Ares, iMesh, Thunder, PPSteam, PPLive, TVAnts, SopCast and Skype。整理出這幾個P2P軟體的特性與行為，並提出一個有效且不需複雜計算的方法用來偵測這些P2P軟體。我們將設計一個簡單的P2P偵測系統並納入我們的偵測方法，然後試著利用我們錄下來的網路流量來驗證這個方法的準確度。實驗證明我們的方法不但有效，而且也因為不需複雜計算而可以作到即時流量分類。

[1] D. Moore, K. Keys, R. Koga, E. Lagache, and K. C. Claffy, “CoralReef Software Suite as a Tool for System and Network Administrators,” USENIX conference on System administration, San Diego, California, December 2001, pp. 4-7.
[2] C. Logg and L. Cottrell, “Characterization of the Traffic between SLAC and the Internet,” http://www.slac.stanford.edu/comp/net/slac-netow/html/SLAC-netow.htm, July 2003.
[3] T. Karagiannis, A. Broido, N. Brownlee, K. Claffy, and M. Faloutsos, “Is P2P Dying or Just Hiding?” IEEE GLOBECOM, Dallas, Texas, vol. 3, November 2004, pp 1532-1538.
[4] A. Moore and D. Zuev, “Internet Traffic Classification Using Bayesian Analysis Techniques,” ACM SIGMETRICS, Alberta, Canada, June 2005, pp. 50-60.
[5] T. Karagiannis, D. Papagiannaki, and M. Faloutsos, “BLINC: Multilevel Traffic Classification in the Dark,” ACM SIGCOMM, Philadelphia PA, USA, August 2005, pp. 229-240.
[6] A. Moore and K. Papagiannaki, “Toward the Accurate Identification of Network Applications,” International Workshop of Passive and Active Measurement, Boston MA, USA, vol. 3431, 31 March 2005, pp. 41-54.
[7] Wireshark, “http://www.wireshark.org/”.
[8] K. Lua, J. Crowcroft, M. Pias, R. Sharma, and S. Lim, “A Survey and Comparison of Peer-to-Peer Overlay Network Schemes,” IEEE Communications Surveys and Tutorials 7, 2005, pp. 72-93.
[9] F. DePaoli and L. Mariani, “Dependability in Peer-to-Peer Systems,” IEEE Internet Computing, July-August 2004, pp. 54-60.
[10] C. Hoong Ding, S. Nutanong, and R. Buyya, “Peer-to-Peer Network for Content Sharing,” Peer-to-Peer Computing: Evolution of a Disruptive Technology, Ramesh Subramanian and Brian Goodman (editors), ISBN: 1-59140-429-0, Idea Group Publisher, Hershey, PPA, USA, 2005, pp. 28-65.
[11] S. Zander, T. Nguyen, and G. Armitage, “Automated Traffic Classification and Application Identification Using Machine Learning,” The IEEE Conference on Local Computer Networks, Sydney, Australia, 15-17 November 2005, pp. 250-257.
[12] S. Sen, O. Spatscheck, and D. Wang, “Accurate, Scalable In-Network Identification of P2P Traffic Using Application Signatures,” ACM Conference on WWW, New York, USA, May 2004, pp. 512-521.
[13] L. Nandikonda, “Users Should Be Concerned of Spyware in Free P2P Software,” http://www.tml.tkk.fi/Publications/C/18/nandikonda.pdf, 2005.
[14] IANA, IANA Port Number List, “http://www.iana.org/assignments/port-numbers”.
[15] Burton H. Bloom, “Space/Time Trade-offs in Hash Coding with Allowable Errors,” Communications of the ACM, vol.13, no.7, July 1970, pp. 422-426.
[16] A. McGregor, M. Hall, P. Lorier, and J. Brunskill, “Flow Clustering Using Machine Learning Techniques,” Passive and Active Network Measurement, vol. 2015, May 2004, pp. 250-214.
[17] R. Kwitt, T. Strohmeier, and U. Hofmann, “Machine Learning for Perceptual QoS,” International Conference on Cybernetics and Information Technologies, Systems and Applications, Orlando, Florida, USA, July 2005.
[18] T. Karagiannis, A. Broido, M. Faloutsos, and K Claffy, “Transport Layer Identification of P2P Traffic,” ACM SIGCOMM Conference on Internet Measurement, Taormina, Sicily, Italy, October 2004, pp. 121-134.
[19] S. Saroiu, K. P. Gummadi, R. J. Dunn, S. D. Gribble, and H. M. Levy, “An Analysis of Internet Content Delivery Systems,” Symposium on Operating Systems Design and Implementation, Boston, USA, 2002, pp. 315-327.
[20] S. Sen and J. Wang, “Analyzing Peer-to-Peer Traffic across Large Networks,” IEEE/ACM Transactions on Networking, vol. 12, issue 2, April 2004, pp. 219-232.
[21] C. Fraleigh, S. Moon, B. Lyles, C. Cotton, M. Khan, D. Moll, R. Rockell, T. Seely, S. C. Diot, “Packet-level Traffic Measurements from the Sprint IP Backbone,” IEEE Network, vol. 17, issue 6, November-December 2003, pp. 6-16.
[22] C. Dewes, A. Wichmann and A. Feldmann, “An Analysis of Internet Chat Systems,” Internet Measurement Conference 2003 (IMC ’03), FL, USA, 2003, pp. 51-64.
[23] T. Karagiannis, A. Broido, N. Brownlee, K. C. Claffy, and M. Faloutsosm, “File-Sharing in the Internet: A Characterization of P2P Traffic in the Backbone,” Technical report, http://www.cs.ucr.edu/~tkarag/, 2004.
[24] K. P. Gummadi, R. J. Dunn, S. Saroiu, S. D. Gribble, H. M. Levy and J. Zahorjan, “Measurement, Modeling, and Analysis of a Peer-to-Peer File-Sharing Workload,” ACM Symposium on Operation Systems Principles, Bolton Landing, NY, USA, October 2003.
[25] Jacobus van der Merwe, Ramon Caceres, Yang-hua Chu, Cormac Sreenan, “mmdump: A Tool for Monitoring Internet Multimedia Traffic,” ACM Computer Communication Review, vol. 30, no. 5, 2000.
[26] Hun-Jeong Kang, Hong-Taek Ju, Myung-Sup Kim, and James W. Hong, “Towards Streaming Media Traffic Monitoring and Analysis,” Asia-Pacific Network Operations and Management (APNOMS 2002), Jeju, Korea, 25-27 September 2002, pp. 503-504.
[27] Laurent Bernaille and Renata Teixeira, “Early Recognition of Encrypted Applications,” PAM 2007, Louvain-la-Neuve, Belgium, April 5-6, 2007, pp. 165-175.
[28] Laurent Bernaille, Renata Teixeira and K. Salamatian, “Early Application Identification,” ACM CoNEXT ’06, Lisboa, Portugal, no. 6, 2006.
[29] Laurent Bernaille, Renata Teixeira and Ismael Akodkenou, “Traffic Classification on The Fly,” Computer Communication Review, vol. 36, no. 2, 2006, pp. 23-26.
[30] F. Hernandez-Compos, A. B. Nobel, F. D. Smith, and K. Jeffay, “Statistical Clustering of Internet Communication Patterns,” The Symposium on the Interface of Computing Science and Statistics, July 2003.
[31] M. Roughan, S. Sen, O. Spatscheck, and N. Duffield, “Class-of-Service Mapping for QoS: A Statistical Signature-Based Approach to IP Traffic Classification,” Internet Measurement Conference, 2004, pp. 135-148.
[32] Myung-Sup Kim, Young J. Won, and James W. Hong, "Characteristic Analysis of Internet Traffic from the Perspective of Flows," Computer Communications, vol. 29, issue 10, 19 June 2006, pp. 1639-1652.
[33] Denis Zuev and Andrew W. Moore, “Traffic Classification using a Statistical Approach,” International Workshop on Passive and Active Network Measurement, Boston MA, vol. 3431, 31 March-1 April 2005, pp. 321-324.
[34] Hui Liu, Wenfeng Feng, Yongfeng Huang, and Xing Li, “A Peer-To-Peer Traffic Identification Method Using Machine Learning,” International Conference on Networking, Architecture, and Storage, 2007 (NAS ‘07), 29-31 July 2007, pp. 155-160.
[35] F. Constantinou and P. Mavrommatis, "Identifying known and unknown peer-to-peer traffic," IEEE International Symposium on Network Computing and Applications (NCA ‘06), 24-26 July 2006, pp. 93-102.
[36] PPLive, “http://www.pplive.com/”.
[37] Xiaojun Hei, Chao Liang, Jian Liang, Yong Liu, and Keith W. Ross, “Insights into PPLive: A Measurement Study of a Large-Scale P2P IPTV System,” IPTV Workshop, International World Wide Web Conference, May 2006.
[38] PPStream, “http://www.ppstream.com/”.
[39] Jinkang Jia, Chunxi Li, and Changjia Chen, “Characterizing PPStream across Internet,” NPC Workshops, 18-21 September 2007, pp. 413-418.
[40] TVAnts, “http://www.tvants.com/”.
[41] T. Silverston, O. Fourmaux, “P2P IPTV Measurement: A Case Study of TVAnts,” ACM CoNEXT, New York, USA, December 2006.
[42] T. Silverston and O. Fourmaux, “Measuring P2P IPTV Systems,” ACM International Workshop on Network and Operating Systems Support for Digital Audio & Video (NOSSDAV ’07), Urbana, IL, USA, June 2007, pp. 83-88.
[43] T. Silverston and O. Fourmaux, “P2P IPTV Measurement: A Comparison Study,” http://www.citebase.org/abstract?id=oai:arXiv.org:cs/0610133, October 2006.
[44] BitComet, “http://www.bitcomet.com/index.htm”.
[45] IE, “http://www.microsoft.com/windows/products/winfamily/ie/default.mspx”.
[46] MSN, “http://www.msn.com/”.
[47] SopCast, “http://www.sopcast.org/”.
[48] UUSee, “http://www.uusee.com/”.
[49] FileZilla, “http://filezilla-project.org/”.
[50] Skype, “http://www.skype.com/”.
[51] Salman A. Baset and Henning Schulzrinne, “An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol,” IEEE INFOCOM ’06, Barcelina, Spain, April 2006, pp. 1-11.
[52] K. Suh, D.R. Figueiredo, J. Kurose, and D. Towsley, “Characterizing and Detecting Relayed Traffic: A Case Study using Skype,” IEEE INFOCOM ‘06, Barcelina, Spain, April 2006.
[53] BitTorrent, “http://www.bittorrent.com/”.
[54] The BitTorrent Protocol Specification, “http://wiki.theory.org/BitTorrentSpecification/”.
[55] J. Pouwelse, P. Garbacki, D. Epema, and H. Sips, “The BitTorrent P2P File-Sharing System: Measurements and Analysis,” The IPTPS '05, Ithaca, NY, February 2005, pp. 205-216.
[56] J.A. Pouwelse, P. Garbacki, D.H.J. Epema, and H.J. Sips, “A Measurement Study of the BitTorrent Peer-to-Peer File-Sharing System,” Technical Report PDS-2004-003, Delft University of Technology, The Netherlands, April 2004.
[57] eMule, “http://www.emule-project.net/home/perl/general.cgi?l=16”.
[58] Y. Kulbak and D. Bickson, “The eMule Protocol Specification,“ Technical report, School of Computer Science and Engineering, Hebrew University of Jerusalem, January 2005.
[59] iMesh, “http://www.imesh.com/”.
[60] Telnet, “http://en.wikipedia.org/wiki/Telnet”.
[61] Thunder, “http://www.xunlei.com/”.
[62] Ares, “http://aresgalaxy.sourceforge.net/”.
[63] Gnutella, “http://en.wikipedia.org/wiki/Gnutella”.
[64] SHOUTcast, “http://www.shoutcast.com/”.