移动设备网络流量分析技术综述

徐明; 杨雪; 章坚武

doi:10.11959/j.issn.1000-0801.2018151

您当前的位置：

首页 >

文章列表页 >

移动设备网络流量分析技术综述

综述 | 更新时间：2024-06-05

- 移动设备网络流量分析技术综述
- A review of network traffic analysis targeting mobile devices
- 电信科学 2018年34卷第4期页码：98-108
- 作者机构：
  
  1. 杭州电子科技大学网络空间安全学院，浙江杭州 310018
  2. 浙江警察学院计算机与信息技术系，浙江杭州 310053
- 作者简介：
  
  [ "徐明（1970-），男，博士，杭州电子科技大学网络空间安全学院教授、博士生导师，主要研究方向为网络信息安全。" ]
  [ "杨雪（1988-），女，浙江警察学院计算机与信息技术系讲师，杭州电子科技大学计算机学院博士生，主要研究方向为网络信息安全。" ]
  [ "章坚武（1961-），男，博士后，杭州电子科技大学教授、博士生导师，主要研究方向为移动通信与个人通信。" ]
- 基金信息：
  
  国家重点研发计划经费资助项目;The National Key Research Development Program of China(2016YFB0800201);国家自然科学基金资助项目;The National Natural Science Foundation of China(61572165);国家自然科学基金资助项目;The National Natural Science Foundation of China(61702150);浙江省自然科学基金重点资助项目;The State Key Program of Zhejiang Province Natural Science Foundation of China(LZ15F020003);浙江省重点研发计划基金资助项目;Key Research and Development Plan Project of Zhejiang Province(2017C01065);浙江省重点研发计划基金资助项目;Key Research and Development Plan Project of Zhejiang Province(2017C01062)
- DOI：10.11959/j.issn.1000-0801.2018151
  中图分类号： TP393
- 网络出版日期：2018-04，
  
  纸质出版日期：2018-04-20
- 稿件说明：
移动端阅览
徐明, 杨雪, 章坚武. 移动设备网络流量分析技术综述[J]. 电信科学, 2018,34(4):98-108.

Ming XU, Xue YANG, Jianwu ZHANG. A review of network traffic analysis targeting mobile devices[J]. Telecommunications science, 2018, 34(4): 98-108.
徐明, 杨雪, 章坚武. 移动设备网络流量分析技术综述[J]. 电信科学, 2018,34(4):98-108. DOI： 10.11959/j.issn.1000-0801.2018151.

Ming XU, Xue YANG, Jianwu ZHANG. A review of network traffic analysis targeting mobile devices[J]. Telecommunications science, 2018, 34(4): 98-108. DOI： 10.11959/j.issn.1000-0801.2018151.

摘要

摘要：移动设备在人们的日常生活中不可或缺，分析移动设备产生的网络流量能够为网络管理、隐私保护等活动提供有价值的信息。为深入了解流量分析在移动设备领域的发展现状及趋势，介绍了网络流量分析的基本框架和移动设备网络流量的收集手段，并分类总结了移动设备网络流量分析的目的。最后根据目前相关研究中仍存在的问题，对移动设备网络流量分析领域的研究方向进行了展望。

Abstract

Mobile devices are now ubiquitous in people’s life

thus analyzing network traffic generated by these devices can provide valuable information for network management and privacy preservation.In order to review the works that contribute to the state of the art of network analysis targeting mobile devices

the framework of network analysis

traffic collection approaches were introduced and a classification of the works according to the goal of the analysis was presented.Finally

the future research of network analysis targeting mobile devices was proposed based on the current problems in this literature.

关键词

Keywords

references

STATIST A . Number of smartphone user worldwide from 2014 to 2020 (in billions) [EB ] . 2016 .

MOORE A , PAPAGIANNAKI K . Toward the accurate identification of network applications [C ] // International Conference on passive and active network measurement,March 31-April 1,2005,Boston,MA,USA . Heidelberg:Springer-Verlag , 2005 : 41 - 54 .

KARAGIANNIS T , PAPAGIANNAKI K , FALOUTSOS M . BLINC:multilevel traffic classification in the dark [C ] // ACM Special Interest Group on Data Communication,August 22-26,2005,Philadelphia,PA,USA . New York:ACM Press , 2005 : 229 - 240 .

FERREIRA D , VAZQUEZ F , VORMAYR G . A meta-analysis approach for feature selection in network traffic research [C ] // The Reproducibility Workshop,August 21-25,2017 , ,Los Angeles,NV,USA .[S.l.:s.n ] 2017 .

LINDORFER M , NEUGSCHWANDTNER M , WEICHSELBAUM L , et al . ANDRUBIS - 1,000,000 apps later:a view on current Android malware behaviors [C ] // The 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security,September 11,2014,Wroclaw,Poland . Washington:IEEE Computer Society , 2014 : 3 - 17 .

SHEPARD C , RAHMATI A , TOSSELL C , et al . LiveLab:Measuring wireless networks and smartphone users in the field [J ] . ACM SIGMETRICS Performance Evaluation Review , 2010 , 38 ( 3 ): 15 - 20 .

STEVENS R , GIBLER C , CRUSSELL J , et al . Investigating user privacy in Android Ad libraries [C ] // The 2012 Workshop on Mobile Security Technologies,May 24,2012 , San Francisco,CA,USA .[S.l.:s.n ] , 2012 .

CHEN X , JIN R , SUH K , et al . Network performance of smart mobile handhelds in a university campus WI-FI network [C ] // The 2012 ACM SIGCOMM Internet Measurement Conference,August 13-16,2012,Helsinki,Finland . New York:ACM Press , 2012 : 315 - 328 .

CHEN Z , HAN H , YAN Q , et al . A first look at Android malware traffic in first few minutes [C ] // 2015 IEEE Trustcom/BigDataSE/ISPA,August 20-22,2015,Helsinki,Finland . New York:IEEE Computer Society , 2015 : 206 - 213 .

NAYAM W , LAOLEE A , CHAROENWATANA L , et al . An analysis of mobile application network behavior [C ] // The 12th Asian Internet Engineering Conference,November 30-December 2,2016,Bangkok,Thailand . New York:ACM Press , 2016 : 9 - 16 .

GEMBER A , ANAND A , AKELLA A . A comparative study of handheld and non-handheld traffic in campus Wi-Fi networks [C ] // The 12th International Conference on Passive and Active Measurement,March 20-22,2011,Atlanta . Heidelberg:Springer-Verlag , 2011 : 173 - 183 .

WEI X , VALLER N , MADHYASTHA H , et al . Characterizing the behavior of handheld devices and its implications [J ] . Computer Networks , 2017 ( 114 ): 1 - 12 .

FALAKI H , LYMBEROPOULOS D , MAHAJAN R , et al . A first look at traffic on smartphones [C ] // The 2010 ACM SIGCOMM Internet Measurement Conference,November 1-3,2010,Melbourne,Australia . New York:ACM Press , 2010 : 281 - 287 .

AFANASYEV M , CHEN T , VOELKER G , et al . Usage patterns in an urban Wi-Fi network [J ] . IEEE/ACM Transactions on Networking , 2010 , 18 ( 5 ): 1359 - 1372 .

ESPADA A , GALLARDO M , SALMERON A , et al . Performance analysis of Spotifyc for Android with model-based testing [J ] . Mobile Information Systems , 2017 .

COULL S , DYER K . Traffic analysis of encrypted messaging services:Apple iMessage and beyond [J ] . ACM SIGCOMM Computer Communication Review , 2014 , 44 ( 5 ): 5 - 11 .

RUFFING N , ZHU Y , LIBERTINI R , et al . Smartphone reconnaissance:Operating system identification [C ] // 13th IEEE Annual Consumer Communications and Networking Conference,January 9-12,2016,Las Vegas,NV,USA . New York:IEEE Communications Society , 2016 : 1086 - 1091 .

MALIK N , CHANDRAMOULI J , SURESH P , et al . Using network traffic to verify mobile device forensic artifacts [C ] // The 14th IEEE Annual Consumer Communications and Networking Conference,January 8-11,2017,Las Vegas,NV,USA . Piscataway:IEEE Press , 2017 : 114 - 119 .

VANRYKEL E , ACAR G , HERRMANN M , et al . Leaky birds:exploiting mobile application traffic for surveillance [C ] // the 20th International Conference on Financial Cryptography and Data Security,February 22-26,2016,Barbados . Heidelberg:Springer-Verlag , 2017 : 367 - 384 .

VERDE N , ATENIESE G , GABRIELLI E , et al . No NAT’d user left behind:fingerprinting users behind NAT from NetFlow records alone [C ] // The 34th IEEE International Conference on Distributed Computing Systems,June 30-July 3,2014,Madrid,Spain . Washington:IEEE Computer Society , 2014 : 218 - 227 .

PARK K , KIM H . Encryption is not enough:inferring user activities on KakaoTalk with traffic analysis [C ] // The 16th International Workshop on Information Security Applications,August 20-22,2015,Jeju Island,Korea . Heidelberg:SpringerVerlag , 2015 : 254 - 265 .

SHAFIQ M , YU X Z , LOGHARI A , et al . WeChat text and picture messages service flow traffic classification using machine learning technique [C ] // The 14th International Conference on Smart City,December 12-14,2016 , Sydney,Australia .[S.l.:s.n ] , 2016 .

CONTI M , MANCINI L , SPOLAOR R , et al . Analyzing Android encrypted network traffic to identify user actions [J ] . IEEE Transactions on Information Forensics and Security , 2016 , 11 ( 1 ): 114 - 25 .

FU Y J , XIONG H , LU X J , et al . Service usage classification with encrypted Internet traffic in mobile messaging apps [J ] . IEEE Transactions on Mobile Computing , 2016 , 15 ( 11 ): 2851 - 2864 .

WANG Q L , YAHYAVI A , KEMME B , et al . I know what you did on your smartphone:inferring app usage over encrypted data traffic [C ] // The 2015 IEEE Conference on Communications and Network Security,September 28-30,2015,Florence,Italy . New York:IEEE Communications Society , 2015 : 433 - 441 .

H. KUZUNO AND S. Tonami , . Signature generation for sensitive information leakage in Android applications [C ] // The 29th IEEE International Conference on Data Engineering,April 8-12,2013,Brisbane,Australia . Washington:IEEE Computer Society , 2013 : 112 - 119 .

REN J , RAO A , LINDORFER M , et al . ReCon:revealing and controlling PII leaks in mobile network traffic [C ] // The 14th Annual International Conference on Mobile Systems,Applications,and Services,June 26-30,2016,Singapore . New York:ACM Press , 2016 : 361 - 374 .

RAO A , MOLAVI KAKHKI A , RAZAGHPANAHS A , et al . Using the middle to meddle with mobile [R ] . 2012 .

LE A , VARMARKEN J , LANGHOFF S , et al . AntMonitor:a system for monitoring from mobile devices [C ] // 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data,August 17-21,2015,London,UK . New York:ACM Press , 2015 : 15 - 20 .

SONG Y , HENGARTNER U . PrivacyGuard:a VPN-based platform to detect information leakage on Android devices [C ] // The 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices,October 12,2015,Denver,USA . New York:ACM Press , 2015 : 15 - 26 .

ENCK W , GILBERT P , CHUN B G , et al . TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones [C ] // The 9th USENIX Symposium on Operating Systems Design and Implementation,October 4-6,2010,Vancouver,Canada . Berkeley:USENIX Association , 2010 : 393 - 407 .

CONTINELLA A , FRATANTONIO Y , LINDORFER M , et al . Obfuscation-resilient privacy leak detection for mobile apps through differential analysis [C ] // The 2017 Network and Distributed System Security Symposium,February 26-March 1,2017,San Diego,USA . Reston:Internet Society , 2017 .

BARBERA M , EPASTO A , MEI A , et al . Signals from the crowd:Uncovering social relationships through smartphone probes [C ] // The 2013 ACM SIGCOMM Internet Measurement Conference,October 23-25,2013,Barcelona,Spain . New York:ACM Press , 2013 : 265 - 276 .

LI H , XU Z , ZHU H , et al . Demographics Inference through WI-FI network traffic analysis [C ] // The 35th IEEE International Conference on Computer Communications,April 10-15,2016,San Francisco,USA . Piscataway:IEEE Press , 2016 : 1 - 9 .

HUSTED N , MYERS S . Mobile location tracking in metro areas:Malnets and others [C ] // The 17th ACM Conference on Computer and Communications Security,October 4-8,2010,Chicago,USA . New York:ACM Press , 2010 : 85 - 96 .

MUSA A , ERIKSSON J . Tracking unmodified smartphones using Wi-Fi monitors [C ] // The 10th ACM Conference on Embedded Networked Sensor Systems,November 6-9,2012,Toronto,Canada . New York:ACM Press , 2012 : 281 - 294 .

LEE S , PARK J , LEE H , et al . A study on smart-phone traffic analysis [C ] // The 13th Asia-Pacific Network Operations and Management Symposium,September 21-23,2011,Taipei,China . New York:IEEE Communications Society , 2011 : 177 - 183 .

YAO H , RANJAN G , TONGAONKAR A , et al . SAMPLES:self adaptive mining of persistent LExical Snippets for classifying mobile application traffic [C ] // The 21th Annual International Conference on Mobile Computing and Networking,September 7-11,2015,Paris,France . New York:ACM Press , 2015 : 439 - 451 .

TAYOR V , SPOLAOR R , CONTI M , et al . AppScanner:automatic fingerprinting of smartphone Apps from encrypted network traffic [C ] // The 1st IEEE European Symposium on Security and Privacy,March 21-24,2016,Saarbrucken,Germany . Piscataway:IEEE Press , 2016 : 439 - 454 .

ALAN H , KAUR J . Can Android applications be identified using only TCP/IP headers of their launch time traffic [C ] // The 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks,July 18-20,2016,Darmstadt,Germany . New York:ACM Press , 2016 : 61 - 66 .

SU X , CHUAN M , TAN G . Smartphone dual defense protection framework:detecting malicious applications in Android markets [C ] // The 8th International Conference on Mobile Ad-hoc and Sensor Networks,December 14-16,2012,Chengdu,China . Washington:IEEE Computer Society , 2012 : 153 - 160 .

WEI T E , MAO C H , JENG A B , et al . Android malware detection via a latent network behavior analysis [C ] // The 11th IEEE International Conference on Trust,Security and Privacy in Computing and Communications,June 25-27,2012,Liverpool,UK . Washington:IEEE Computer Society , 2012 : 1251 - 1258 .

ZAMAN M , SIDDIQUI T , AMIN M , et al . Malware detection in Android by network traffic analysis [C ] // The 1st International Conference on Networking Systems and Security,January 5-7,2015,Dhaka,Bangladesh . Piscataway:IEEE Press , 2015 : 1 - 5 .

NARUDIN F , FEIZOLLAH A , ANUAR N , et al . Evaluation of machine learning classifiers for mobile malware detection [J ] . Soft Computing , 2016 , 20 ( 1 ): 1 - 5 .

WANG S , CHEN Z , ZHANG L , et al . TrafficAV:an effective and explainable detection of mobile malware behavior using network traffic [C ] // The 24th IEEE/ACM International Symposium on Quality of Service,June 20-21,2016,Beijing,China . Piscataway:IEEE Press , 2016 : 384 - 389 .

ARORA A , PEDDOJU S . Minimizing network traffic features for Android mobile malware detection [C ] // The 18th International Conference on Distributed Computing and Networking,January 4-7,2017,Hyderabad,India . New York:ACM Press , 2017 :32.

SHABTAI A , KANONOV U , ELOVICI Y , et al . “Andromaly”:a behavioral malware detection framework for Android devices [J ] . Journal of Intelligent Information Systems , 2012 , 38 ( 1 ): 161 - 190 .

SHABTAI A , TENENBOIM-CHEKINA L , MIMRAN D , et al . Mobile malware detection through analysis of deviations in application network behavior [J ] . Computers ＆ Security , 2014 , 43 ( 6 ): 1 - 18 .

汪来富 , 金华敏 , 刘东鑫 , 等 . 面向网络大数据的安全分析技术应用 [J ] . 电信科学 , 2017 , 33 ( 3 ): 112 - 118 .

WANG L F , JIN H M , LIU D X , et al . Application of security analysis technology for network big data [J ] . Telecommunications Science , 2017 , 33 ( 3 ): 112 - 118 .

姜红红 , 张涛 , 赵新建 , 等 . 基于大数据的电力信息网络流量异常检测机制 [J ] . 电信科学 , 2017 , 33 ( 3 ): 134 - 141 .

JIANG H H , ZHANG T , ZHAO X J , et al . A big data based flow anomaly detection mechanism of electric power information network [J ] . Telecommunications Science , 2017 , 33 ( 3 ): 134 - 141 .

王帅 , 汪来富 , 金华敏 , 等 . 网络安全分析中的大数据技术应用 [J ] . 电信科学 , 2015 , 31 ( 7 ): 145 - 150 .

WANG S , WANG L F , JIN H M , SHEN J , et al . Big data application in network security analysis [J ] . Telecommunications Science , 2015 , 31 ( 7 ): 145 - 150 .

曹旭 , 曹瑞彤 . 基于大数据分析的网络异常检测方法 [J ] . 电信科学 , 2014 , 30 ( 6 ): 152 - 156 .

CAO X , CAO R T . Network anomaly prediction method based on big data [J ] . Telecommunications Science , 2014 , 30 ( 6 ): 152 - 156 .

NASR M , HOUMANSADR A , MAZUMDAR A . Compressive traffic analysis:a new paradigm for scalable traffic analysis [C ] // The 2017 ACM Conference on Computer and Communications Security,October 30-November 3,2017,Dallas,USA . New York:ACM Press , 2017 : 2053 - 2069 .

浏览量

1137

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于SDWAN承载技术的生态环境厅业务专网升级

灰盒光传输设备的SDN管控技术研究及应用

移动设备生物特征识别多模态融合标准研究及展望

高速网络访问超点实时检测算法精度分析

一种适用于NFC移动设备的双向认证安全方案