Research And Implementation Of Anomaly Detection System Based On Advertising Traffic

Advertising is the main source of revenue for many developers,which in turn allows developers to provide services to users free of charge,becoming an important part of the mobile application ecosystem.However,some developers seek benefits through illegal advertising,which poses a serious threat to users' information security.Illegal advertisements are different from legal advertisements,and can detect illegal advertisements by detecting abnormal traffic.At present,the main way to detect advertising traffic at home and abroad is to filter the list,but this method is prone to recognition failure or misidentification,and does not have the ability to self-update,requiring a lot of manpower for maintenance.Another method of using machine learning to detect advertisement traffic requires aggregation analysis of traffic,does not have real-time performance,and requires high storage performance,and is not suitable for mobile devices.In view of the above situation,this paper proposes a method based on random forest for advertising traffic detection.By comparing the advertising traffic with the natural traffic,the characteristics of the advertising traffic different from the natural traffic are obtained,and the advertising traffic classifier is constructed,which achieves a good classification effect.The classification object is a single flow,and the traffic analysis is not required,which reduces the storage capacity requirements of the device.On this basis,the detection methods of fraudulent advertisements and malicious advertisements are further designed.Based on fraudulent advertisements,the advertisement request message is sent without the user's knowledge.The method of detecting fraudulent advertisements by judging whether the advertisement traffic is from the foreground application is designed.For malicious advertisements,the common attack behaviors of malicious advertisements are studied.The behavior characteristics of attackers exploiting JBOH vulnerability and homology policy vulnerabilities were discovered.According to their behavior characteristics,API HOOK technology was used to detect abnormal traffic.Finally,based on the above method and combined with the filtering list method,this paper implements an anomaly detection system based on advertising traffic.The system deploys machine learning on the server side and supplements the client's filtering list,which not only makes up for the slowness of machine learning,but also ensures the real-time performance of the system,and makes the filtering list self-updating.