An implementation of open systems interconnection (OSI) transport layer P2P identification algorithm using Netflow and Netfilter as a P2P traffic firewall / Amir Herman Amiruddin

Amiruddin, Amir Herman (2014) An implementation of open systems interconnection (OSI) transport layer P2P identification algorithm using Netflow and Netfilter as a P2P traffic firewall / Amir Herman Amiruddin. Masters thesis, Universiti Teknologi MARA (UiTM).

Abstract

P2P applications, chiefly for file sharing and video streaming, have gained popularity so widely and rapidly that network service providers have been alerted to their dominance. Because a P2P network connects multiple clients with multiple other clients, P2P traffic tends to occupy and congest a bandwidth pipeline. Most of the industry's P2P bandwidth management solutions have adopted the Deep Packet Inspection (DPI) method for its high traffic-control accuracy. However, this approach has setbacks: (i) traffic bottleneck, (ii) extensive resources and (iii) encrypted payload. The purpose of this dissertation was to implement an OSI transport layer P2P identification algorithm using Netflow and Netfilter as a P2P traffic firewall. Using a novel firewall framework designed in this dissertation, an algorithm adapted from research by Yan, Wu, Luo, & Zhang (2013) was used as the P2P identification method. The framework was tested on a university campus WiFi network to measure (i) P2P identification ability, (ii) firewall hardware resources and (iii) number of firewall rules; the Netflow data of the network's traffic were processed to detect any possible P2P host. The algorithm's ability to detect P2P hosts was compared with the detection rate of the operational DPI appliances in the network. The experiment showed that, for P2P identification ability, the Netflow-based algorithm detected 28.7% more than DPI. Further investigation clearly showed that this was because DPI failed to detect encrypted P2P hosts. The results also showed that, over a period of 60 hours, the firewall server utilized on average 4% to 5% of CPU and 5.08 Gb of the total 8.0 GB, respectively. The number of firewall rules created averaged 56.70 per 10-minute cycle over a sampling of 60 hours.
This research has proved that the approach is capable of detecting P2P traffic with higher accuracy than the DPI method, utilizes low resources and is capable of creating firewall rules that block P2P hosts, thus proving the P2P firewall framework solution design to be valid and implementable in a real network. For future work, it was recommended to explore new heuristic P2P identification using IPFIX, which is to be commissioned as a future network flow standard by the IETF.

Metadata

Item Type: Thesis (Masters)
Creators: Amiruddin, Amir Herman (Email / ID Num.: 2011252982)
Contributors: Thesis advisor: Yahya, Saadiah (Email / ID Num.: UNSPECIFIED)
Subjects: T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunication > Computer networks. General works. Traffic monitoring > Computer network protocols
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Programme: Master of Science in Computer Networking
Keywords: P2P applications, firewall, transport layer
Date: 2014
URI: https://ir.uitm.edu.my/id/eprint/107802