Abstract
An overlay network traffic detection system deploys traffic measurement units at multiple points on a network, creates profiles of the network traffic measured at each point, and then compiles the traffic profiles obtained at different points. The compiled profile of outbound traffic originating at a node is compared with the compiled profile of inbound traffic addressed to the same node. A strong correlation between the two profiles indicates that the node is relaying overlay network traffic. Further information can be gained by profile screening, by active interference in the traffic flow, by launching known information into the network at known times and observing its effect on the traffic profiles, and by observing keyword distributions in non-encrypted traffic.
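The inbound/outbound comparison described above can be sketched as follows. This is an added example, not code from the patent: the record format `(point, time_bin, src, dst, bytes)`, the use of Pearson correlation over a small lag window, the 0.8 threshold, and the rule that a flow seen at several measurement points counts once per bin are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from math import sqrt

def compile_profiles(records, n_bins):
    """Merge observations from all measurement points into per-node byte profiles."""
    flows = defaultdict(int)
    for _point, t, src, dst, nbytes in records:
        # Assumption: the same flow seen at two points in one bin is counted once.
        flows[(t, src, dst)] = max(flows[(t, src, dst)], nbytes)
    inbound = defaultdict(lambda: [0] * n_bins)
    outbound = defaultdict(lambda: [0] * n_bins)
    for (t, src, dst), nbytes in flows.items():
        outbound[src][t] += nbytes
        inbound[dst][t] += nbytes
    return inbound, outbound

def pearson(x, y):
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / sqrt(vx * vy) if vx and vy else 0.0  # flat profile: no evidence

def relay_score(inb, outb, max_lag=2):
    """Best correlation of inbound[t] against outbound[t + lag] (forwarding delay)."""
    return max(pearson(inb[:len(inb) - lag], outb[lag:]) for lag in range(max_lag + 1))

def find_relays(records, n_bins, threshold=0.8):
    inbound, outbound = compile_profiles(records, n_bins)
    nodes = set(inbound) & set(outbound)  # only nodes that both receive and send
    scores = {n: relay_score(inbound[n], outbound[n]) for n in nodes}
    return sorted(n for n, s in scores.items() if s >= threshold), scores

def _flow(point, src, dst, series):
    return [(point, t, src, dst, b) for t, b in enumerate(series) if b]

# Constructed sample: R forwards what it receives one bin later (seen at two
# measurement points); W sends and receives on unrelated schedules.
RECORDS = (
    _flow("p1", "A", "R", [900, 0, 0, 1500, 0, 700, 0, 0])
    + _flow("p1", "R", "B", [0, 920, 0, 0, 1530, 0, 715, 0])
    + _flow("p2", "R", "B", [0, 920, 0, 0, 1530, 0, 715, 0])
    + _flow("p2", "C", "W", [100, 800, 100, 100, 900, 100, 100, 100])
    + _flow("p2", "W", "D", [300, 300, 900, 300, 300, 300, 300, 900])
)

if __name__ == "__main__":
    print(find_relays(RECORDS, 8))
```

A high score alone only marks a candidate relay; the abstract's further steps (profile screening, injecting known traffic at known times) are what separate true relays from nodes whose input and output happen to correlate.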