
Research And Development Of Mobile Terminal Network Traffic Acquisition And Service Platform On Cluster Architecture

Posted on: 2018-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: D Cao
Full Text: PDF
GTID: 2348330512981819
Subject: Computer technology
Abstract/Summary:
With the wide use of mobile terminals, and especially the rapidly growing popularity of smartphones, mobile intelligent terminals have brought great changes to modern society. However, with the popularization of mobile applications and the growth in the number of users, the security of mobile intelligent terminals also faces great challenges. In the field of mobile malware detection, in addition to static signature analysis and dynamic behavior analysis, academia and industry have in recent years begun to pay close attention to detection methods based on network traffic characteristics. Because these detection methods use machine learning and even deep learning techniques, obtaining a large amount of labeled network traffic data becomes the primary task of the research.

To solve this problem and collect application network traffic data rapidly, this paper designed and implemented a mobile terminal network traffic acquisition and service platform on a cluster architecture. The platform is divided into three parts. The first part is the storage server, which stores the application files and the network traffic files. The second part is the intermediate control machine, which controls the running of the platform. The third part is the cluster of acquisition computers, which collects mobile terminal network traffic. Each acquisition computer deploys a multi-threaded network traffic collection program, and Android virtual machines are deployed on each acquisition computer. Each computer starts multiple threads at the same time, and each thread runs an automated application network traffic collection task. The platform can also process network traffic files, for example extracting DNS packets, TCP flows and malicious TCP flows from the traffic, and visualizing network flows.

On the technical side, the network traffic collection system of the platform is implemented in Python, the Android application interface traversal script is implemented in Java, and the web management system is implemented in PHP. The first two programs automate the generation of network traffic so that it is closer to the traffic produced in a real environment. The last makes it convenient for researchers to operate the platform. In this paper, we used this platform to collect more than 68000 Android applications and about 21 GB of network traffic. After further processing we obtained about 1.06 million TCP network flows and 0.88 million DNS requests. From the DNS packets we extracted about 10000 requested domain names and found 744 malicious domain names. Based on the above work, we extracted about 1 GB of purely malicious network traffic. At present, this data set is not only used in the laboratory but is also shared with the University of Nebraska Lincoln, Hunan University and other research teams.
Keywords/Search Tags:collect network traffic, Android program traversal, Cluster architecture