Design and Implementation of a Trust-based Framework for Network Mobile Traffic Detection

Article type: Research article

Authors

1 M.Sc. in Information Technology Security, Department of Computer Engineering, Imam Reza International University

2 Assistant Professor, Department of Computer Engineering, Imam Reza International University

3 Department of Computer Engineering, Faculty of Engineering, Ferdowsi University of Mashhad

Abstract

The remarkable growth of mobile devices has made handling and responding to the security incidents related to them one of the important issues in today's security world. Security analysts perform network traffic analysis with various goals, such as identifying mobile applications and identifying the operating system. Given the dynamic nature of mobile devices, detecting and analyzing the traffic of mobile devices is harder than for other network equipment and traditional devices. Although extensive research has been done in this area, most of these methods are not effective for detection on real traffic and face challenges such as encrypted traffic and data manipulation. In this paper, a framework for mobile traffic detection with a trust-based approach is presented. The proposed framework consists of four detection subsystems at different TCP/IP layers and two control subsystems. First, with the help of the environment identification subsystem, the correctness of the information for each layer is checked, and if the information of a layer is valid, the traffic is sent to the detection subsystems. After detection has been performed in each subsystem, the final detection for each agent is made by the detection subsystem on the basis of the factors obtained in each subsystem. To evaluate the proposed framework and examine the existing challenges, a real dataset of wireless network traffic (Ferdowsi University of Mashhad) was prepared and used in this paper. The results show that, by aggregating the opinions of the detection subsystems according to the degree of trust and confidence placed in each of them, the proposed system can perform the detection process with a maximum accuracy of 0.97 and a minimum error of 0.09.


Article title [English]

Design and Implementation of a Trust-based Framework for Network Mobile Traffic Detection

Authors [English]

  • Maryam Torabi 1
  • Hamidreza Mahrooghi 2
  • Sobhan Aliabadi 1
  • Haleh Amintoosi 3
1 Imam Reza International University
2 Imam Reza International University
3 Ferdowsi University of Mashhad
Abstract [English]

Nowadays, with the widespread growth of mobile devices and their use in most people's daily lives, a main concern is handling and responding to their related security incidents in the area of mobile network traffic analysis. The main objectives of security researchers include mobile application identification, mobile malware detection and detection of leakage of users' personal information. Identification and traffic analysis of mobile devices are more difficult than for other, traditional network devices due to their dynamic nature. Although a lot of research has been done in this area, most of it is not effective for identification in real traffic due to challenges such as encrypted traffic and data manipulation. In this paper, we propose a trust-based mobile traffic detection system which is able to handle varied real traffic. The proposed framework consists of four detection subsystems. First, the environment identification subsystem examines the validity of the information for each network layer. If the information of a layer is valid, the traffic is sent to the detection subsystem. After each subsystem has performed its detection, the final detection is performed according to the factors obtained in each subsystem. For evaluation purposes, a suitable dataset is used which was collected from the wireless network traffic of the Ferdowsi University of Mashhad campus in Mashhad, Iran. The experimental results show that aggregating subsystem detections based on trust and confidence is efficient in analyzing real mobile traffic, with a maximum accuracy of 0.97 and a minimum error rate of 0.09 under special circumstances.
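The pipeline the abstract describes (an environment identification step that validates the information of each TCP/IP layer, one detection subsystem per valid layer, and a final decision that aggregates the subsystems' opinions weighted by the trust placed in each of them) is sketched below as an added illustration. It is not the paper's code: the per-layer features, the toy fingerprinting rules, the trust values, the trust-update rule and the two sample flows are all constructed assumptions chosen only to show how layer gating and trust-weighted aggregation interact.

```python
"""Trust-weighted aggregation of per-layer detection opinions.

Added illustration of the framework's shape: an environment-identification
step decides which TCP/IP layers carry valid information for a flow, one
detector per valid layer emits an opinion (label plus confidence), and the
final decision combines opinions weighted by the trust held in each
subsystem. Features, rules, trust values and flows are constructed here.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Flow:
    # One constructed feature per layer; None means the field was unavailable.
    mac_oui: Optional[str]      # link: first three octets of the source MAC
    ttl: Optional[int]          # network: IP TTL seen on the first packet
    tcp_window: Optional[int]   # transport: window size on the SYN
    user_agent: Optional[str]   # application: HTTP User-Agent, clear-text only


@dataclass
class Opinion:
    subsystem: str
    label: str
    confidence: float           # the subsystem's own confidence, in [0, 1]


def environment_check(flow):
    """Return the set of layers whose information is usable for detection."""
    valid = set()
    if flow.mac_oui and len(flow.mac_oui.split(":")) == 3:
        # Locally administered bit set => randomised MAC, vendor lookup is meaningless.
        if not int(flow.mac_oui.split(":")[0], 16) & 0x02:
            valid.add("link")
    if flow.ttl is not None and 1 <= flow.ttl <= 255:
        valid.add("network")
    if flow.tcp_window is not None and flow.tcp_window > 0:
        valid.add("transport")
    if flow.user_agent:                 # absent when the session is encrypted
        valid.add("application")
    return valid


# Toy per-layer detectors (constructed rules, only there to produce opinions).
OUI_VENDOR = {"3c:5a:b4": "Android", "f0:18:98": "iOS"}


def detect_link(flow):
    label = OUI_VENDOR.get(flow.mac_oui.lower())
    return Opinion("link", label, 0.6) if label else None


def detect_network(flow):
    # An initial TTL of 64 is shared by Android and iOS, hence low confidence.
    return Opinion("network", "Android" if flow.ttl <= 64 else "Windows", 0.3)


def detect_transport(flow):
    return Opinion("transport", "iOS" if flow.tcp_window == 65535 else "Android", 0.5)


def detect_application(flow):
    ua = flow.user_agent
    if "Android" in ua:
        return Opinion("application", "Android", 0.9)
    if "iPhone" in ua or "iPad" in ua:
        return Opinion("application", "iOS", 0.9)
    return None


DETECTORS = {"link": detect_link, "network": detect_network,
             "transport": detect_transport, "application": detect_application}


def collect_opinions(flow):
    """Run only the detectors whose layer passed the environment check."""
    opinions = (DETECTORS[layer](flow) for layer in sorted(environment_check(flow)))
    return [op for op in opinions if op is not None]


def aggregate(opinions, trust):
    """Weight each opinion by trust[subsystem] * confidence.

    Returns (label, share): share is the winning label's fraction of the total
    weight, so a value near 0.5 signals disagreement between subsystems.
    """
    scores = defaultdict(float)
    for op in opinions:
        scores[op.label] += trust.get(op.subsystem, 0.0) * op.confidence
    total = sum(scores.values())
    if total == 0:
        return None, 0.0
    label = max(scores, key=scores.get)
    return label, scores[label] / total


def update_trust(trust, opinions, truth, rate=0.1):
    """Nudge a subsystem's trust toward 1 if it matched ground truth, else toward 0."""
    updated = dict(trust)
    for op in opinions:
        target = 1.0 if op.label == truth else 0.0
        updated[op.subsystem] += rate * (target - updated[op.subsystem])
    return updated


# Constructed inputs: initial trust per subsystem and two sample flows.
TRUST = {"link": 0.7, "network": 0.4, "transport": 0.6, "application": 0.9}
FLOW_ANDROID = Flow("3c:5a:b4", 64, 65535, "Mozilla/5.0 (Linux; Android 9) Mobile")
FLOW_RANDOM_MAC = Flow("da:a1:19", 64, 65535, None)   # randomised MAC, TLS only

if __name__ == "__main__":
    for name, flow in (("android", FLOW_ANDROID), ("random-mac", FLOW_RANDOM_MAC)):
        label, share = aggregate(collect_opinions(flow), TRUST)
        print(f"{name}: {label} (share {share:.2f}, layers {sorted(environment_check(flow))})")
```

The second sample flow shows why the environment check matters: with a randomised MAC and an encrypted session, only the network and transport layers are usable, the low-confidence TTL rule is outvoted by the transport rule, and the share reported for the winning label drops accordingly. `update_trust` closes the loop the abstract alludes to: after a labelled flow, subsystems that were right gain trust and those that were wrong lose it, so later aggregations lean on the layers that have proven reliable in the observed environment.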

Keywords [English]

  • Network traffic analysis
  • trust
  • operating system detection
  • Internet of Things
  • application identification