移动设备加密流量的用户信息探测研究展望

doi:10.11959/j.issn.1000-436x.2021040

摘要/Abstract

摘要：

移动设备加密流量分析可以用主动或被动的方式获取多种类型的用户信息，为网络安全管理和用户隐私保护提供保障。重点分析、归纳了用户信息探测所涉及的数据采集、特征选择、模型与方法以及评价体系的基本原理和关键方法。总结了现有方案中存在的问题，以及未来研究方向和面临的挑战。

关键词: 移动设备, 加密流量分析, 网络安全, 隐私保护, 信息探测

Abstract:

Encrypted traffic analysis of mobile devices can obtain multiple types of user information in an active or passive way, which provides protection for network security management and user privacy protection.The basic principles and key methods of data collection, feature selection, models and methods, and evaluation systems involved in these user information detection were analyzed and summarized.The problems in the existing projects were summarized, as well as the future research directions and challenges.

Key words: mobile device, encrypted traffic analysis, network security, privacy protection, information detection

中图分类号:

TN92

张腾飞, 余顺争. 移动设备加密流量的用户信息探测研究展望[J]. 通信学报, 2021, 42(2): 154-167.

Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices[J]. Journal on Communications, 2021, 42(2): 154-167.

图/表 9

图1

图2

图3

表1

图4

图5

图6

表2

图7

参考文献 65

[1]	中国互联网络信息中心. 第45次《中国互联网络发展状况统计报告》.(2020-04-28)[2020-07-14].
	China Internet Network Information Center. The 45th "Statistical Re-port on Internet Development in China"[R].(2020-04-28)[2020-07-14].
[2]	ENCK W , GILBERT P , HAN S ,et al. TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems, 2014,32(2): 1-29.
[3]	ARDAGNA C A , CONTI M , LEONE M ,et al. An anonymous end-to-end communication protocol for mobile cloud environments[J]. IEEE Transactions on Services Computing, 2014,7(3): 373-386.
[4]	CONTI M , DRAGONI N , GOTTARDO S . MITHYS:mind the hand you shake-protecting mobile devices from SSL usage vulnerabilities[C]// International Workshop on Security and Trust Management. Berlin:Springer, 2013: 65-81.
[5]	BERTHOLD O , FEDERRATH H , KOHNTOPP M . Project“anonymity and unobservability in the Internet”[C]// Proceedings of the Tenth Conference on Computers,Freedom and Privacy:Challenging the Assumptions. New York:ACM Press, 2000: 57-65.
[6]	BUJLOW T , CARELA-ESPANOL V , BARLET-ROS P . Independent comparison of popular DPI tools for traffic classification[J]. Computer Networks, 2015,76: 75-89.
[7]	WRIGHT C V , COULL S E , MONROSE F . Traffic morphing:an efficient defense against statistical traffic analysis[C]// Proceedings of the 16th Network and Distributed Security Symposium. Piscataway:IEEE Press, 2009: 237-250.
[8]	FAHL S , HARBACH M , MUDERS T ,et al. Why eve and mallory love android:an analysis of android SSL (in)security categories and subject descriptors[C]// ACM Conference on Computer ＆Communications Security. New York:ACM Press, 2012: 50-61.
[9]	GEORGIEV M , IYENGAR S , JANA S ,et al. The most dangerous code in the world:validating SSL certificates in non-browser software[C]// ACM Conference on Computer ＆ Communications Security. New York:ACM Press, 2012: 38-49.
[10]	STOBER T , FRANK M , SCHMITT J B ,et al. Who do you sync you are? Smartphone fingerprinting via application behaviour[C]// Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks. New York:ACM Press, 2013: 7-12.
[11]	RAYMOND J , . Traffic analysis:protocols,attacks,design issues,and open problems[C]// Designing Privacy Enhancing Technologies. Berlin:Springer, 2001: 10-29.
[12]	CONTI M , MANCINI L V , SPOLAOR R ,et al. Can’t you hear me knocking:identification of user actions on android Apps via traffic analysis[C]// Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. New York:ACM Press, 2015: 297-304.
[13]	COULL S E , DYER K P . Traffic analysis of encrypted messaging services:Apple iMessage and beyond[J]. ACM Sigcomm Computer Communication Review, 2014,44(5): 6-11.
[14]	LI H X , ZHU H J , MA D . Demographic information inference through meta-data analysis of Wi-Fi traffic[J]. IEEE Transactions on Mobile Computing, 2018,17(5): 1033-1047.
[15]	WANG P , CHEN X , YE F ,et al. A survey of techniques for mobile service encrypted traffic classification using deep learning[J]. IEEE Access, 2019,7: 54024-54033.
[16]	WANG X , QIN X , HOSSEINI M B ,et al. GUILeak:tracing privacy policy claims on user input data for Android applications[C]// International Conference on Software Engineering. Piscataway:IEEE Press, 2018: 37-47.
[17]	CONTI M , LI Q Q , MARAGNO A ,et al. The dark side(-channel) of mobile devices:a survey on network traffic analysis[J]. IEEE Communications Surveys and Tutorials, 2018,20(4): 2658-2713.
[18]	NABOULSI D , FIORE M , RIBOT S ,et al. Large-scale mobile traffic analysis:a survey[J]. IEEE Communications Surveys and Tutorials, 2016,18(1): 124-161.
[19]	WANG Q , YAHYAVI A , KEMME B ,et al. I know what you did on your smartphone:inferring App usage over encrypted data traffic[C]// 2015 IEEE Conference on Communications and Network Security. Piscataway:IEEE Press, 2015: 433-441.
[20]	JIA Q , ZHOU L , LI H ,et al. Who leaks my privacy:towards automatic and association detection with GDPR compliance[C]// International Conference on Wireless Algorithms,Systems,and Applications. Berlin:Springer, 2019: 137-148.
[21]	LE A , VARMARKEN J , LANGHOFF S ,et al. AntMonitor:a system for monitoring from mobile devices[C]// Proceedings of the 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data. New York:ACM Press, 2015: 15-20.
[22]	RAZAGHPANAH A , VALLINA-RODRIGUEZ N , SUNDARESAN S ,et al. Haystack:in situ mobile traffic analysis in user space[J]. arXiv Preprint,arXiv:1510.01419， 2015.
[23]	NOVAK E , AUNG P T , DO T . VPN+ towards detection and remediation of information leakage on smartphones[C]// 2020 21st IEEE International Conference on Mobile Data Management. Piscataway:IEEE Press, 2020: 39-48.
[24]	SONG Y , HENGARTNER U . PrivacyGuard:a VPN-based platform to detect information leakage on android devices[C]// Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. New York:ACM Press, 2015: 15-26.
[25]	SHUBA A , LE A , ALIMPERTIS E ,et al. AntMonitor:a system for on-device mobile network monitoring and its applications[J]. arXiv Preprint,arXiv:1611.04268， 2016.
[26]	BAKOPOULOU E , SHUBA A , MARKOPOULOU A J A P A . Exposures exposed:a measurement and user study to assess mobile data privacy in context[J]. arXiv Preprint,arXiv:2008.08973， 2020.
[27]	SRIVASTAVA G , BHUWALKA K , SAHOO S K ,et al. Privacyproxy:leveraging crowdsourcing and in situ traffic analysis to detect and mitigate information leakage[J]. arXiv Preprint,arXiv:1708.06384， 2017.
[28]	REN J , RAO A , LINDORFER M ,et al. ReCon:revealing and controlling PII leaks in mobile network traffic[C]// Proceedings of the 14th Annual International Conference on Mobile Systems,Applications,and Services. New York:ACM Press, 2016: 361-374.
[29]	RAO A , KAKHKI A M , RAZAGHPANAH A ,et al. Using the middle to meddle with mobile[R].(2013-12-10)[2020-07-14].
[30]	SHUBA A , BAKOPOULOU E , MEHRABADI M A ,et al. Antshield:on-device detection of personal information exposure[J]. arXiv Preprint,arXiv:1803.01261， 2018.
[31]	SHUBA A , BAKOPOULOU E , MARKOPOULOU A . Privacy leak classification on mobile devices[C]// 2018 IEEE 19th International Workshop on Signal Processing Advances in Wireless Communications. Piscataway:IEEE Press, 2018: 1-5.
[32]	JIN H , LIU M , DODHIA K ,et al. Why are they collecting my data? Inferring the purposes of network traffic in mobile Apps[J]. Proceedings of the ACM on Interactive,Mobile,Wearable and Ubiquitous Technologies, 2018,2(4): 1-27.
[33]	TAN H Z , ZHAO W , SHEN H H . A context-perceptual privacy protection approach on Android devices[C]// 2018 IEEE International Conference on Communications. Piscataway:IEEE Press, 2018: 1-7.
[34]	JUNG J , SHETH A , GREENSTEIN B ,et al. Privacy oracle:a system for finding application leaks with black box differential testing[C]// Proceedings of the 15th ACM Conference on Computer and Communications Security. New York:ACM Press, 2008: 279-288.
[35]	CONTINELLA A , FRATANTONIO Y , LINDORFER M ,et al. Obfuscation-resilient privacy leak detection for mobile Apps through differential analysis[C]// Network and Distributed System Security Symposium. Virginia:the Internet Society, 2017: 1-15.
[36]	LIU Y , LIAO L , SONG T J S C I S . Static tainting extraction approach based on information flow graph for personally identifiable information[J]. Science China Information Sciences, 2020,63(3): 1-17.
[37]	ZHANG F , HE W , CHEN Y ,et al. Thwarting Wi-Fi side-channel analysis through traffic demultiplexing[J]. IEEE Transactions on Wireless Communications, 2014,13(1): 86-98.
[38]	ATKINSON J S , MITCHELL J E , RIO M ,et al. Your Wi-Fi is leaking:what do your mobile Apps gossip about you?[J]. Future Generation Computer Systems-the International Journal of Escience, 2018,80: 546-557.
[39]	CHENG Z , CHEN X , ZHANG Y ,et al. Detecting information theft based on mobile network flows for android users[C]// 2017 International Conference on Networking,Architecture,and Storage (NAS). Piscataway:IEEE Press, 2017: 1-10.
[40]	ACETO G , CIUONZO D , MONTIERI A ,et al. Mobile encrypted traffic classification using deep learning:experimental evaluation,lessons learned,and challenges[J]. IEEE Transactions on Network and Service Management, 2019,16(2): 445-458.
[41]	LIU J , FU Y , MING J ,et al. Effective and real-time in-App activity analysis in encrypted internet traffic streams[C]// Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York:ACM Press, 2017: 335-344.
[42]	FU Y , XIONG H , LU X ,et al. Service usage classification with encrypted internet traffic in mobile messaging Apps[J]. IEEE Transactions on Mobile Computing, 2016,15(11): 2851-2864.
[43]	ZHANG Q , XU M , ZHENG N ,et al. Identifying WeChat message types without using traditional traffic[J]. Information, 2020,11(1): 18.
[44]	PAPADOGIANNAKI E , HALEVIDIS C , AKRITIDIS P ,et al. OTTer:a scalable high-resolution encrypted traffic identification engine[C]// International Symposium on Research in Attacks,Intrusions,and Defenses. Berlin:Springer, 2018: 315-334.
[45]	FU Y , LIU J , LI X ,et al. Service usage analysis in mobile messaging apps:a multi-label multi-view perspective[C]// 2016 IEEE 16th International Conference on Data Mining. Piscataway:IEEE Press, 2016: 877-882.
[46]	FU Y J , LIU J M , LI X L ,et al. A multi-label multi-view learning framework for in-App service usage analysis[J]. ACM Transactions on Intelligent Systems and Technology, 2018,9(4): 40.
[47]	PARK K , KIM H . Encryption is not enough:inferring user activities on Kakaotalk with traffic analysis[C]// Workshop on Information Security Applications. Berlin:Springer, 2015: 254-265.
[48]	CONTI M , MANCINI L V , SPOLAOR R ,et al. Analyzing android encrypted network traffic to identify user actions[J]. IEEE Transactions on Information Forensics and Security, 2016,11(1): 114-125.
[49]	SALTAFORMAGGIO B , CHOI H , JOHNSON K ,et al. Eavesdropping on fine-grained user activities within smartphone Apps over encrypted network traffic[C]// 10th USENIX Workshop on Offensive Technologies. Berkeley:USENIX Association, 2016: 69-78.
[50]	SAPIO A , LIAO Y , BALDI M ,et al. Per-user policy enforcement on mobile Apps through network functions virtualization[C]// Proceedings of the 9th ACM workshop on Mobility in the evolving internet architecture. New York:ACM Press, 2014: 37-42.
[51]	TONGAONKAR A , DAI S , NUCCI A ,et al. Understanding mobile App usage patterns using in-App advertisements[C]// International Conference on Passive and Active Network Measurement. Berlin:Springer, 2013: 63-72.
[52]	LI K , LI H , ZHU H S ,et al. Side-channel information leakage of traffic data in instant messaging[C]// 2019 IEEE 38th International Performance Computing and Communications Conference. Piscataway:IEEE Press, 2019:doi.org/ 10.1109/ IPCCC47392.2019.8958775.
[53]	DYER K P , COULL S E , RISTENPART T ,et al. Peek-a-Boo,I still see you:why efficient traffic analysis countermeasures fail[C]// 2012 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2012: 332-346.
[54]	HOU C , SHI J , KANG C ,et al. Classifying user activities in the encrypted WeChat traffic[C]// 2018 IEEE 37th International Performance Computing and Communications Conference. Piscataway:IEEE Press, 2018: 1-8.
[55]	PATHMAPERUMA M H , RAHULAMATHAVAN Y , DOGAN S ,et al. In-App activity recognition from Wi-Fi encrypted traffic[C]// Science and Information Conference. Berlin:Springer, 2020: 685-697.
[56]	YAN F , XU M , QIAO T ,et al. Identifying WeChat red packets and fund transfers via analyzing encrypted network traffic[C]// 2018 17th IEEE International Conference On Trust,Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE). Piscataway:IEEE Press, 2018: 1426-1432.
[57]	WANG Y , ZHENG N , XU M ,et al. Hierarchical identifier:application to user privacy eavesdropping on mobile payment App[J]. Sensors (Basel)， 2019:doi.org/10.3390/s19143052.
[58]	AIOLLI F , CONTI M , GANGWAL A ,et al. Mind your wallet’s privacy:identifying Bitcoin wallet Apps and user’s actions through network traffic analysis[C]// Proceedings of the 34th ACM/SIGApp Symposium on Applied Computing. New York:ACM Press, 2019: 1484-1491.
[59]	NAIK M , BHATIA A , TIWARI K . I know who you are:a learning framework to profile smartphone users[C]// 2020 International Conference on Communication Systems ＆ Networks. Piscataway:IEEE Press, 2020: 555-558.
[60]	MOORE A , ZUEV D , CROGAN M . Discriminators for use in flow-based classification[R].(2005-08)[2020-07-14].
[61]	LI D , LI W , WANG X ,et al. ActiveTracker:uncovering the trajectory of App activities over encrypted internet traffic streams[C]// 2019 16th Annual IEEE International Conference on Sensing,Communication,and Networking. Piscataway:IEEE Press, 2019: 1-9.
[62]	HOU T , WANG T , LU Z ,et al. Smart spying via deep learning:inferring your activities from encrypted wireless traffic[C]// IEEE Global Conference on Signal and Information Processing. Piscataway:IEEE Press, 2019:doi.org/ 10.1109/GlobalSIP45357.2019.8969428.
[63]	ALAN H F , KAUR J . Can Android applications be identified using only TCP/IP headers of their launch time traffic?[C]// ACM Conference on Security ＆ Privacy in Wireless ＆ Mobile Networks. New York:ACM Press, 2016: 61-66.
[64]	GROLMAN E , FINKELSHTEIN A , PUZIS R ,et al. Transfer learning for user action identication in mobile Apps via encrypted trafc analysis[J]. IEEE Intelligent Systems, 2018,33(2): 40-53.
[65]	WU H , WU Q , CHENG G ,et al. Instagram user behavior identification based on multidimensional features[C]// IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops. Piscataway:IEEE Press, 2020: 1111-1116.

方法	提出年份	文献	客户端	服务器	未知类型	实时性	探测能力	稳健性
字符串匹配	2015	文献[21]	√	√	☆☆☆☆☆	×	★★☆☆☆	★★☆☆☆
字符串匹配	2015	文献[22]	√	×	☆☆☆☆☆	×	★★☆☆☆	★★☆☆☆
字符串匹配	2020	文献[23]	√	×	☆☆☆☆☆	×	★★★☆☆	★★★★☆
字符串匹配	2016	文献[25]	√	×	☆☆☆☆☆	√	★★☆☆☆	★★★☆☆
字符串匹配	2020	文献[26]	√	×	☆☆☆☆☆	×	★★★★☆	★★★☆☆
字符串匹配	2017	文献[27]	√	√	☆☆☆☆☆	×	★★☆☆☆	★★★☆☆
正则匹配	2015	文献[24]	×	×	☆☆☆☆☆	×	★★☆☆☆	★★☆☆☆
监督学习	2016	文献[28]	√	√	★★★★☆	×	★★★★☆	★★★★☆
监督学习	2018	文献[30]	√	√	★★☆☆☆	√	★★★★☆	★★★☆☆
监督学习	2018	文献[31]	√	×	★★☆☆☆	√	★★★★☆	★★★☆☆
监督学习	2018	文献[32]	√	×	★★☆☆☆	×	★★★★☆	★★★☆☆
监督学习	2018	文献[33]	√	×	★★☆☆☆	×	★★★☆☆	★★★☆☆
关联挖掘	2019	文献[20]	√	×	★★★☆☆	×	★★☆☆☆	★★★☆☆

行为	应用	规则
语音电话	微信	3{1,3}, 56-60{1,3}, 400-800
语音电话	微信	3{1,3}, 56-60{1,3}, 3{1,3}, 117 OR 3{1,3}, 56-60{1,3},3{1,3}, 114
聊天信息	微信	3{1,3}，52