Real-Time Detection of Encrypted Thunder Traffic Based on Trustworthy Behavior Association

  • Gang Xiong
  • Wenting Huang
  • Yong Zhao
  • Ming Song
  • Zhenzhen Li
  • Li Guo
Part of the Communications in Computer and Information Science book series (CCIS, volume 320)


Thunder, as the most popular P2P download software in China, has token up a large amount of bandwidth. And it is almost impossible to identify the encrypted thunder traffic. This paper proposes a method to detect encrypted Thunder traffic, featuring high precision and small computational cost. At the same time, this method doesn’t depend on content inspection, nor does it violate users’ privacy, which can be used flexibly in high-speed network environment, and deal with changes of statistical traffic properties. We implement a prototype system based on this algorithm, which can detect multiple versions of encrypted Thunder traffics in real time, achieving a precision rate above 95% and a recall rate above 95%.


traffic classification trustworthy behavior encrypted traffic P2P traffic behavior association thunder 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Download Software Ranking (April 2010),
  2. 2.
    Schulze, H., Mochalski, K.: Internet Study (2008/2009),
  3. 3.
    Xiong, G., Meng, J., Cao, Z.-G., Wang, Y., Guo, L., Fang, B.-X.: Research Progress and Prospects of Network Traffic Classification. Journal of Integration Technology 1(1), 31–41 (2012)Google Scholar
  4. 4.
    Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. SIGCOMM Comput. Commun. Rev. 35(4), 229–240 (2005)CrossRefGoogle Scholar
  5. 5.
    Xu, K., Zhang, Z.-L., Bhattacharyya, S.: Profiling internet backbone traffic: behavior models and applications. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 169–180. ACM, Philadelphia (2005)Google Scholar
  6. 6.
    Iliofotou, M., Hyun-Chul, K., Faloutsos, M., et al.: Graph-Based P2P Traffic Classification at the Internet Backbone. In: Proceedings of the INFOCOM Workshops 2009, April 19-25. IEEE (2009)Google Scholar
  7. 7.
    Yangyang, L., Jianping, P.: The impact of NAT on BitTorrent-like P2P systems. In: Proceedings of the IEEE Ninth International Conference on Peer-to-Peer Computing, P2P 2009, September 9-11 (2009)Google Scholar
  8. 8.
    Bernaille, L., Teixeira, R., Salamatian, K.: Early application identification. In: Proceedings of the 2006 ACM CoNEXT Conference. ACM, Lisboa (2006)Google Scholar
  9. 9.
    Zhao, Y., Zhang, Z., Wang, Y., et al.: Performance evaluation of Xunlei peer-to-peer network: A measurement study. In: Proceedings of the Consumer Communications and Networking Conference (CCNC 2011). IEEE (January 2011)Google Scholar
  10. 10.
    Yong, Z., Zhibin, Z., Li, G., et al.: XunleiProbe: A Sensitive and Accurate Probing on a Large-Scale P2SP System. In: Proceedings of the 2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2011), October 20-22 (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Gang Xiong
    • 1
    • 2
    • 3
  • Wenting Huang
    • 4
  • Yong Zhao
    • 2
  • Ming Song
    • 5
  • Zhenzhen Li
    • 2
  • Li Guo
    • 2
  1. 1.Institute of Computing TechnologyChinese Academy of ScienceChina
  2. 2.Institute of Information EngineeringChinese Academy of ScienceChina
  3. 3.Graduate University of Chinese Academy of ScienceChina
  4. 4.National Computer Network Emergency Response Technical TeamChina
  5. 5.Key Laboratory of Trustworthy Distributed Computing and Service (BUPT)Ministry of EducationBeijingChina

Personalised recommendations