Illegal business
After years of broadband access network construction, access bandwidth is no longer the main problem for operators. Two tasks now come first. One is to provide as many services as possible on the existing network, changing a profit model that depends only on access and bandwidth and moving away from the extensive business approach. The other is to control the illegal business present on the existing network. "Illegal business" here means certain data services on the network as judged from the operator's point of view. It takes many forms; here are just a few of them:
(1) P2P stream download. Peer-to-peer streaming can swallow up valuable network bandwidth and affect users' access to the Internet.
(2) VoIP. VoIP diverts traffic from operators' existing public switched telephone network (PSTN) services and may seriously damage their business income.
(3) Private connection on the user side. Broadband users apply for service as individuals but use it for an enterprise or an unlicensed ("black") Internet cafe, or share it with other households, thus impairing operators' business income.
Unlike the security problems in the preceding sections, illegal business has very complex service characteristics. It is impossible to determine whether a data message belongs to illegal business by simple feature extraction. To detect whether a data stream is illegal, it is necessary to analyze the stream in depth and intelligently, and to decide by matching it against a predefined feature information database.
Private connections on the user side usually occur when users attach a device with network address translation (NAT) to the access node. On the surface, the upstream data messages all appear to come from a single user. To solve this problem, we need to collect all kinds of "clues": the number of TCP connections, the network traffic, and the source TCP port range, which have some reference value; user-specific information that MSN and Windows Update traffic can carry; and useful user information in the upstream data flow, such as OS version, IE version, and user behavior habits. It is often necessary to combine some or all of these characteristics into a comprehensive judgment, so as to reduce misjudgments and omissions.
Illegal VoIP is very difficult to detect. There are many VoIP programs, and to cross firewalls or NATs and avoid detection, some of them even open private tunnels on special ports to carry VoIP-related data. All UDP/TCP data streams need to be monitored, and the streams can be analyzed for VoIP registration, call and access.
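The combined judgment for NAT-shared lines described above can be sketched as follows. This is an added example, not code from the original page; the record layout, thresholds, line names and version strings are assumptions constructed for illustration.

```python
"""Score each subscriber line for NAT sharing by combining several weak clues."""
from collections import defaultdict

# Assumed thresholds; a real deployment would tune these per network.
MAX_CONNS = 40          # TCP connections expected from one host in the window
MAX_PORT_SPAN = 10000   # spread of source TCP ports expected from one host
MAX_VERSIONS = 1        # distinct OS (or browser) versions expected on one line

def score_lines(flows):
    """flows: iterable of (line_id, src_port, os_version, browser_version);
    a version is None when the flow carried no such hint. Returns {line: (score, reasons)}."""
    per_line = defaultdict(lambda: {"ports": [], "os": set(), "br": set()})
    for line_id, port, os_ver, br_ver in flows:
        rec = per_line[line_id]
        rec["ports"].append(port)
        if os_ver:
            rec["os"].add(os_ver)
        if br_ver:
            rec["br"].add(br_ver)
    result = {}
    for line_id, rec in per_line.items():
        reasons = []
        if len(rec["ports"]) > MAX_CONNS:
            reasons.append("tcp_connections")
        if max(rec["ports"]) - min(rec["ports"]) > MAX_PORT_SPAN:
            reasons.append("source_port_range")
        if len(rec["os"]) > MAX_VERSIONS:
            reasons.append("os_versions")
        if len(rec["br"]) > MAX_VERSIONS:
            reasons.append("browser_versions")
        result[line_id] = (len(reasons), reasons)
    return result

def suspected_shared(flows, min_clues=2):
    """Flag a line only when several independent clues agree, to limit misjudgments."""
    return sorted(l for l, (s, _) in score_lines(flows).items() if s >= min_clues)

def sample_flows():
    """Constructed data: line-A is one PC, line-B hides several hosts behind NAT."""
    a = [("line-A", 49152 + i, "Windows XP SP2", "IE 6.0") for i in range(12)]
    b = [("line-B", 1024 + i * 700, ("Windows XP SP2", "Windows 2000", None)[i % 3],
          ("IE 6.0", "IE 5.5")[i % 2]) for i in range(60)]
    # line-C: one heavy user; many connections but a single OS/browser, so one clue only
    c = [("line-C", 50000 + i, "Windows XP SP2", "IE 6.0") for i in range(55)]
    return a + b + c

if __name__ == "__main__":
    for line, (score, why) in sorted(score_lines(sample_flows()).items()):
        print(line, score, why)
```

Requiring at least two agreeing clues keeps the heavy single user on line-C from being flagged on connection count alone.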
P2P streams are easy to monitor: because the number of popular P2P programs is limited, the characteristics of the data messages they send are relatively easy to define.
Detection of illegal traffic can be carried out at every level of the broadband access network. The further downstream the detection points are placed, the more "distributed" the processing becomes and the easier it is to improve performance, but the cost, coordination and management of the detection points compare slightly unfavorably with centralized detection. Detection technology for illegal business is trending toward greater intelligence. But the return is higher, because it can create more added value for operators. As various services emerge on broadband access networks in the future, illegal service detection will have great potential and represents an important direction of broadband access network security research.


