Journal on Communications ›› 2021, Vol. 42 ›› Issue (2): 154-167. doi: 10.11959/j.issn.1000-436x.2021040
Tengfei ZHANG, Shunzheng YU
Revised: 2020-11-03
Online: 2021-02-25
Published: 2021-02-01
About the author:
Tengfei ZHANG (1991- ), male, born in Luoyang, Henan, is a Ph.D. candidate at Sun Yat-sen University. His main research interests are network security and network behavior analysis.
Supported by:
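Abstract:
Analysis of encrypted traffic from mobile devices can obtain many types of user information, either actively or passively, and so supports both network security management and user privacy protection. This paper analyzes and summarizes the basic principles and key methods of data collection, feature selection, models and methods, and evaluation systems involved in user information detection. It also summarizes the problems in existing schemes, along with future research directions and the challenges they face.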
CLC number:
Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices[J]. Journal on Communications, 2021, 42(2): 154-167.
Table 1
Comparison of VPN-based PII detection methods
Method | Year proposed | Reference | Client | Server | Unknown types | Real-time | Detection capability | Robustness |
String matching | 2015 | Ref. [21] | √ | √ | ☆☆☆☆☆ | × | ★★☆☆☆ | ★★☆☆☆ |
String matching | 2015 | Ref. [22] | √ | × | ☆☆☆☆☆ | × | ★★☆☆☆ | ★★☆☆☆ |
String matching | 2020 | Ref. [23] | √ | × | ☆☆☆☆☆ | × | ★★★☆☆ | ★★★★☆ |
String matching | 2016 | Ref. [25] | √ | × | ☆☆☆☆☆ | √ | ★★☆☆☆ | ★★★☆☆ |
String matching | 2020 | Ref. [26] | √ | × | ☆☆☆☆☆ | × | ★★★★☆ | ★★★☆☆ |
String matching | 2017 | Ref. [27] | √ | √ | ☆☆☆☆☆ | × | ★★☆☆☆ | ★★★☆☆ |
Regex matching | 2015 | Ref. [24] | × | × | ☆☆☆☆☆ | × | ★★☆☆☆ | ★★☆☆☆ |
Supervised learning | 2016 | Ref. [28] | √ | √ | ★★★★☆ | × | ★★★★☆ | ★★★★☆ |
Supervised learning | 2018 | Ref. [30] | √ | √ | ★★☆☆☆ | √ | ★★★★☆ | ★★★☆☆ |
Supervised learning | 2018 | Ref. [31] | √ | × | ★★☆☆☆ | √ | ★★★★☆ | ★★★☆☆ |
Supervised learning | 2018 | Ref. [32] | √ | × | ★★☆☆☆ | × | ★★★★☆ | ★★★☆☆ |
Supervised learning | 2018 | Ref. [33] | √ | × | ★★☆☆☆ | × | ★★★☆☆ | ★★★☆☆ |
Association mining | 2019 | Ref. [20] | √ | × | ★★★☆☆ | × | ★★☆☆☆ | ★★★☆☆ |
[1] | China Internet Network Information Center. The 45th "Statistical Report on Internet Development in China"[R].(2020-04-28)[2020-07-14]. |
[2] | ENCK W , GILBERT P , HAN S ,et al. TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems, 2014,32(2): 1-29. |
[3] | ARDAGNA C A , CONTI M , LEONE M ,et al. An anonymous end-to-end communication protocol for mobile cloud environments[J]. IEEE Transactions on Services Computing, 2014,7(3): 373-386. |
[4] | CONTI M , DRAGONI N , GOTTARDO S . MITHYS:mind the hand you shake-protecting mobile devices from SSL usage vulnerabilities[C]// International Workshop on Security and Trust Management. Berlin:Springer, 2013: 65-81. |
[5] | BERTHOLD O , FEDERRATH H , KOHNTOPP M . Project “anonymity and unobservability in the Internet”[C]// Proceedings of the Tenth Conference on Computers,Freedom and Privacy:Challenging the Assumptions. New York:ACM Press, 2000: 57-65. |
[6] | BUJLOW T , CARELA-ESPANOL V , BARLET-ROS P . Independent comparison of popular DPI tools for traffic classification[J]. Computer Networks, 2015,76: 75-89. |
[7] | WRIGHT C V , COULL S E , MONROSE F . Traffic morphing:an efficient defense against statistical traffic analysis[C]// Proceedings of the 16th Network and Distributed Security Symposium. Piscataway:IEEE Press, 2009: 237-250. |
[8] | FAHL S , HARBACH M , MUDERS T ,et al. Why eve and mallory love android:an analysis of android SSL (in)security categories and subject descriptors[C]// ACM Conference on Computer & Communications Security. New York:ACM Press, 2012: 50-61. |
[9] | GEORGIEV M , IYENGAR S , JANA S ,et al. The most dangerous code in the world:validating SSL certificates in non-browser software[C]// ACM Conference on Computer & Communications Security. New York:ACM Press, 2012: 38-49. |
[10] | STOBER T , FRANK M , SCHMITT J B ,et al. Who do you sync you are? Smartphone fingerprinting via application behaviour[C]// Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks. New York:ACM Press, 2013: 7-12. |
[11] | RAYMOND J . Traffic analysis:protocols,attacks,design issues,and open problems[C]// Designing Privacy Enhancing Technologies. Berlin:Springer, 2001: 10-29. |
[12] | CONTI M , MANCINI L V , SPOLAOR R ,et al. Can’t you hear me knocking:identification of user actions on android Apps via traffic analysis[C]// Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. New York:ACM Press, 2015: 297-304. |
[13] | COULL S E , DYER K P . Traffic analysis of encrypted messaging services:Apple iMessage and beyond[J]. ACM Sigcomm Computer Communication Review, 2014,44(5): 6-11. |
[14] | LI H X , ZHU H J , MA D . Demographic information inference through meta-data analysis of Wi-Fi traffic[J]. IEEE Transactions on Mobile Computing, 2018,17(5): 1033-1047. |
[15] | WANG P , CHEN X , YE F ,et al. A survey of techniques for mobile service encrypted traffic classification using deep learning[J]. IEEE Access, 2019,7: 54024-54033. |
[16] | WANG X , QIN X , HOSSEINI M B ,et al. GUILeak:tracing privacy policy claims on user input data for Android applications[C]// International Conference on Software Engineering. Piscataway:IEEE Press, 2018: 37-47. |
[17] | CONTI M , LI Q Q , MARAGNO A ,et al. The dark side(-channel) of mobile devices:a survey on network traffic analysis[J]. IEEE Communications Surveys and Tutorials, 2018,20(4): 2658-2713. |
[18] | NABOULSI D , FIORE M , RIBOT S ,et al. Large-scale mobile traffic analysis:a survey[J]. IEEE Communications Surveys and Tutorials, 2016,18(1): 124-161. |
[19] | WANG Q , YAHYAVI A , KEMME B ,et al. I know what you did on your smartphone:inferring App usage over encrypted data traffic[C]// 2015 IEEE Conference on Communications and Network Security. Piscataway:IEEE Press, 2015: 433-441. |
[20] | JIA Q , ZHOU L , LI H ,et al. Who leaks my privacy:towards automatic and association detection with GDPR compliance[C]// International Conference on Wireless Algorithms,Systems,and Applications. Berlin:Springer, 2019: 137-148. |
[21] | LE A , VARMARKEN J , LANGHOFF S ,et al. AntMonitor:a system for monitoring from mobile devices[C]// Proceedings of the 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data. New York:ACM Press, 2015: 15-20. |
[22] | RAZAGHPANAH A , VALLINA-RODRIGUEZ N , SUNDARESAN S ,et al. Haystack:in situ mobile traffic analysis in user space[J]. arXiv Preprint,arXiv:1510.01419, 2015. |
[23] | NOVAK E , AUNG P T , DO T . VPN+ towards detection and remediation of information leakage on smartphones[C]// 2020 21st IEEE International Conference on Mobile Data Management. Piscataway:IEEE Press, 2020: 39-48. |
[24] | SONG Y , HENGARTNER U . PrivacyGuard:a VPN-based platform to detect information leakage on android devices[C]// Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. New York:ACM Press, 2015: 15-26. |
[25] | SHUBA A , LE A , ALIMPERTIS E ,et al. AntMonitor:a system for on-device mobile network monitoring and its applications[J]. arXiv Preprint,arXiv:1611.04268, 2016. |
[26] | BAKOPOULOU E , SHUBA A , MARKOPOULOU A . Exposures exposed:a measurement and user study to assess mobile data privacy in context[J]. arXiv Preprint,arXiv:2008.08973, 2020. |
[27] | SRIVASTAVA G , BHUWALKA K , SAHOO S K ,et al. Privacyproxy:leveraging crowdsourcing and in situ traffic analysis to detect and mitigate information leakage[J]. arXiv Preprint,arXiv:1708.06384, 2017. |
[28] | REN J , RAO A , LINDORFER M ,et al. ReCon:revealing and controlling PII leaks in mobile network traffic[C]// Proceedings of the 14th Annual International Conference on Mobile Systems,Applications,and Services. New York:ACM Press, 2016: 361-374. |
[29] | RAO A , KAKHKI A M , RAZAGHPANAH A ,et al. Using the middle to meddle with mobile[R].(2013-12-10)[2020-07-14]. |
[30] | SHUBA A , BAKOPOULOU E , MEHRABADI M A ,et al. Antshield:on-device detection of personal information exposure[J]. arXiv Preprint,arXiv:1803.01261, 2018. |
[31] | SHUBA A , BAKOPOULOU E , MARKOPOULOU A . Privacy leak classification on mobile devices[C]// 2018 IEEE 19th International Workshop on Signal Processing Advances in Wireless Communications. Piscataway:IEEE Press, 2018: 1-5. |
[32] | JIN H , LIU M , DODHIA K ,et al. Why are they collecting my data? Inferring the purposes of network traffic in mobile Apps[J]. Proceedings of the ACM on Interactive,Mobile,Wearable and Ubiquitous Technologies, 2018,2(4): 1-27. |
[33] | TAN H Z , ZHAO W , SHEN H H . A context-perceptual privacy protection approach on Android devices[C]// 2018 IEEE International Conference on Communications. Piscataway:IEEE Press, 2018: 1-7. |
[34] | JUNG J , SHETH A , GREENSTEIN B ,et al. Privacy oracle:a system for finding application leaks with black box differential testing[C]// Proceedings of the 15th ACM Conference on Computer and Communications Security. New York:ACM Press, 2008: 279-288. |
[35] | CONTINELLA A , FRATANTONIO Y , LINDORFER M ,et al. Obfuscation-resilient privacy leak detection for mobile Apps through differential analysis[C]// Network and Distributed System Security Symposium. Virginia:the Internet Society, 2017: 1-15. |
[36] | LIU Y , LIAO L , SONG T . Static tainting extraction approach based on information flow graph for personally identifiable information[J]. Science China Information Sciences, 2020,63(3): 1-17. |
[37] | ZHANG F , HE W , CHEN Y ,et al. Thwarting Wi-Fi side-channel analysis through traffic demultiplexing[J]. IEEE Transactions on Wireless Communications, 2014,13(1): 86-98. |
[38] | ATKINSON J S , MITCHELL J E , RIO M ,et al. Your Wi-Fi is leaking:what do your mobile Apps gossip about you?[J]. Future Generation Computer Systems-the International Journal of Escience, 2018,80: 546-557. |
[39] | CHENG Z , CHEN X , ZHANG Y ,et al. Detecting information theft based on mobile network flows for android users[C]// 2017 International Conference on Networking,Architecture,and Storage (NAS). Piscataway:IEEE Press, 2017: 1-10. |
[40] | ACETO G , CIUONZO D , MONTIERI A ,et al. Mobile encrypted traffic classification using deep learning:experimental evaluation,lessons learned,and challenges[J]. IEEE Transactions on Network and Service Management, 2019,16(2): 445-458. |
[41] | LIU J , FU Y , MING J ,et al. Effective and real-time in-App activity analysis in encrypted internet traffic streams[C]// Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York:ACM Press, 2017: 335-344. |
[42] | FU Y , XIONG H , LU X ,et al. Service usage classification with encrypted internet traffic in mobile messaging Apps[J]. IEEE Transactions on Mobile Computing, 2016,15(11): 2851-2864. |
[43] | ZHANG Q , XU M , ZHENG N ,et al. Identifying WeChat message types without using traditional traffic[J]. Information, 2020,11(1): 18. |
[44] | PAPADOGIANNAKI E , HALEVIDIS C , AKRITIDIS P ,et al. OTTer:a scalable high-resolution encrypted traffic identification engine[C]// International Symposium on Research in Attacks,Intrusions,and Defenses. Berlin:Springer, 2018: 315-334. |
[45] | FU Y , LIU J , LI X ,et al. Service usage analysis in mobile messaging apps:a multi-label multi-view perspective[C]// 2016 IEEE 16th International Conference on Data Mining. Piscataway:IEEE Press, 2016: 877-882. |
[46] | FU Y J , LIU J M , LI X L ,et al. A multi-label multi-view learning framework for in-App service usage analysis[J]. ACM Transactions on Intelligent Systems and Technology, 2018,9(4): 40. |
[47] | PARK K , KIM H . Encryption is not enough:inferring user activities on Kakaotalk with traffic analysis[C]// Workshop on Information Security Applications. Berlin:Springer, 2015: 254-265. |
[48] | CONTI M , MANCINI L V , SPOLAOR R ,et al. Analyzing android encrypted network traffic to identify user actions[J]. IEEE Transactions on Information Forensics and Security, 2016,11(1): 114-125. |
[49] | SALTAFORMAGGIO B , CHOI H , JOHNSON K ,et al. Eavesdropping on fine-grained user activities within smartphone Apps over encrypted network traffic[C]// 10th USENIX Workshop on Offensive Technologies. Berkeley:USENIX Association, 2016: 69-78. |
[50] | SAPIO A , LIAO Y , BALDI M ,et al. Per-user policy enforcement on mobile Apps through network functions virtualization[C]// Proceedings of the 9th ACM workshop on Mobility in the evolving internet architecture. New York:ACM Press, 2014: 37-42. |
[51] | TONGAONKAR A , DAI S , NUCCI A ,et al. Understanding mobile App usage patterns using in-App advertisements[C]// International Conference on Passive and Active Network Measurement. Berlin:Springer, 2013: 63-72. |
[52] | LI K , LI H , ZHU H S ,et al. Side-channel information leakage of traffic data in instant messaging[C]// 2019 IEEE 38th International Performance Computing and Communications Conference. Piscataway:IEEE Press, 2019:doi.org/10.1109/IPCCC47392.2019.8958775. |
[53] | DYER K P , COULL S E , RISTENPART T ,et al. Peek-a-Boo,I still see you:why efficient traffic analysis countermeasures fail[C]// 2012 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2012: 332-346. |
[54] | HOU C , SHI J , KANG C ,et al. Classifying user activities in the encrypted WeChat traffic[C]// 2018 IEEE 37th International Performance Computing and Communications Conference. Piscataway:IEEE Press, 2018: 1-8. |
[55] | PATHMAPERUMA M H , RAHULAMATHAVAN Y , DOGAN S ,et al. In-App activity recognition from Wi-Fi encrypted traffic[C]// Science and Information Conference. Berlin:Springer, 2020: 685-697. |
[56] | YAN F , XU M , QIAO T ,et al. Identifying WeChat red packets and fund transfers via analyzing encrypted network traffic[C]// 2018 17th IEEE International Conference On Trust,Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE). Piscataway:IEEE Press, 2018: 1426-1432. |
[57] | WANG Y , ZHENG N , XU M ,et al. Hierarchical identifier:application to user privacy eavesdropping on mobile payment App[J]. Sensors (Basel), 2019:doi.org/10.3390/s19143052. |
[58] | AIOLLI F , CONTI M , GANGWAL A ,et al. Mind your wallet’s privacy:identifying Bitcoin wallet Apps and user’s actions through network traffic analysis[C]// Proceedings of the 34th ACM/SIGApp Symposium on Applied Computing. New York:ACM Press, 2019: 1484-1491. |
[59] | NAIK M , BHATIA A , TIWARI K . I know who you are:a learning framework to profile smartphone users[C]// 2020 International Conference on Communication Systems & Networks. Piscataway:IEEE Press, 2020: 555-558. |
[60] | MOORE A , ZUEV D , CROGAN M . Discriminators for use in flow-based classification[R].(2005-08)[2020-07-14]. |
[61] | LI D , LI W , WANG X ,et al. ActiveTracker:uncovering the trajectory of App activities over encrypted internet traffic streams[C]// 2019 16th Annual IEEE International Conference on Sensing,Communication,and Networking. Piscataway:IEEE Press, 2019: 1-9. |
[62] | HOU T , WANG T , LU Z ,et al. Smart spying via deep learning:inferring your activities from encrypted wireless traffic[C]// IEEE Global Conference on Signal and Information Processing. Piscataway:IEEE Press, 2019:doi.org/10.1109/GlobalSIP45357.2019.8969428. |
[63] | ALAN H F , KAUR J . Can Android applications be identified using only TCP/IP headers of their launch time traffic?[C]// ACM Conference on Security & Privacy in Wireless & Mobile Networks. New York:ACM Press, 2016: 61-66. |
[64] | GROLMAN E , FINKELSHTEIN A , PUZIS R ,et al. Transfer learning for user action identification in mobile Apps via encrypted traffic analysis[J]. IEEE Intelligent Systems, 2018,33(2): 40-53. |
[65] | WU H , WU Q , CHENG G ,et al. Instagram user behavior identification based on multidimensional features[C]// IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops. Piscataway:IEEE Press, 2020: 1111-1116. |