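| Graduate student: | 謝孟樺 Meng-Hua Hsieh |
|---|---|
| Thesis title: | 使用應用層特徵有效並可靠地辨識與管理P2P網路 A Reliable and Effective Way to Identify and Control the Peer-to-Peer Networks Using Layer 7 Signatures |
| Advisor: | 黃能富 Nen-Fu Huang |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science |
| Year of publication: | 2005 |
| Academic year of graduation: | 93 |
| Language: | English |
| Number of pages: | 50 |
| Chinese keywords: | 同儕計算 (Peer-to-Peer Computing), 特徵 (Signature) |
| English keywords: | Peer-to-Peer, Signature, P2P |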
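In recent years, Peer-to-Peer Computing (P2P) applications have attracted considerable attention and discussion. These applications can bring together computers scattered around the world to share their computing power and storage space, and so they have been adopted and promoted rapidly. However, under this network architecture, the packets that nodes generate to communicate with each other often cause network congestion, especially during file transfers. The use of P2P also involves copyright issues; for example, many people use P2P applications to illegally download or distribute pirated movies or music. As a result, there is more and more research on this topic.
Recent research on P2P networks has mostly focused on how to detect their presence effectively. Identification methods include those based on the port number or on the packet payload. However, P2P ports are mostly user-configurable, and more and more users change ports arbitrarily to evade firewalls, so detecting P2P networks by port alone produces many false positives and false negatives. Identifying P2P networks by packet payload is a good approach with higher accuracy, but recent research has focused only on discovering their presence. That is not enough if the goal is to control the large volume of traffic that P2P networks generate. Because P2P applications have a wide variety of communication patterns and connection types, all connection types must be identified in order to manage these connections effectively.
This thesis studies in detail the four currently most popular and most widely used P2P networks, including their protocols and behavior patterns: Gnutella, FastTrack, eDonkey2000, and BitTorrent. These four P2P networks are representative of different P2P network architectures. Once their characteristics and operation are understood, signatures can be designed that accurately identify all P2P network connections. We verify the identification performance of the resulting signatures on an Intrusion Prevention System (IPS). Experiments show that these signatures can effectively identify and block the operation of P2P networks and free the bandwidth they had occupied.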
Peer-to-Peer (P2P) applications have attracted a great deal of attention and importance in the last few years. They aggregate many computers around the world and make use of their combined computing power and storage space. However, the network traffic induced by the use of P2P applications is gradually becoming a significant problem. P2P network peers produce large volumes of messages while communicating with other peers, especially when files are being exchanged. P2P technologies are also affected by copyright issues arising from the spreading of music, movie, or software files. There has been much recent research focusing on this topic.
Recent research on P2P networks mostly focuses on how to detect the existence of P2P applications. Identification based only on IP address and port number produces many false positives because the listening ports of P2P clients are usually configurable. Therefore, we have to identify P2P networks using application-layer content. However, detecting their existence is not sufficient if we also want to control P2P traffic. There are many behavior types in a P2P network. To control P2P network traffic effectively, we need to identify all of them.
In this thesis we first analyze the protocols and connection behaviors of the four most famous P2P networks: Gnutella, FastTrack, eDonkey2000, and BitTorrent. Each one represents a classical type of P2P behavior. After understanding what they are and how they work, we determine the most effective signatures for identifying all behaviors of P2P applications. We examine the effectiveness of our application-layer signatures on an Intrusion Prevention System (IPS) that can drop packets containing specific content. Almost all P2P connections are identified and blocked, and network bandwidth is saved.