Research On Mobile Application Network Behavior Analysis Technology

With the continuous development of the mobile Internet,various mobile applications are constantly emerging,and the security issues they face are becoming more and more serious.Through network behavior analysis of mobile applications,it is possible to effectively grasp the characteristics of mobile applications' communication behavior and information transmission modes,which helps to achieve more refined management and protection of the mobile Internet.Traditional network behavior analysis methods mainly include static detection analysis and dynamic debugging analysis.Due to the difference of development technologies in mobile applications,such methods are often difficult to implement and costly,while network traffic analysis can more efficiently extract characteristics of network behavior,and it's more universal.Therefore,based on researching the existing network behavior analysis technologies,this thesis proposes mobile application recognition and network behavior detection methods from the characteristics of network traffic flows.According to the characteristics of data flows and data packets in the process of mobile application communication,we analyzed and extracted the communication feature elements of various types of mobile applications and various network behaviors to form a mobile application communication feature library,and on this basis,we built the data flow labeling model and the network behavior detection model to deal with on-demand detection of mobile applications and their network behavior,as well as identification and verification of unknown network traffic.The main work of this thesis includes:(1)Testing and analyzing multi-category mobile applications,studying the distinguishing features of mobile application communication features.(2)Mobile application identification and data flow labeling model is proposed.We use the feature information of network data flow,and combine information clustering and similar data flow retrieval to realize mobile application identification and extraction of related data flows.(3)A network behavior detection method is proposed,and a network behavior detection model is constructed based on the random forest algorithm for mobile applications.The network traffic is reasonably discretized to obtain multiple sets of network behavior feature vectors for the model input.The model is trained by selecting sample data of the corresponding mobile application in the behavior feature library to detect and identify the network behavior in the traffic.(4)A prototype system for mobile application network behavior analysis is designed and implemented,which supports the extraction of feature elements for mobile application network behavior,mobile application network behavior analysis,and visual display of analysis results and feature libraries.Based on the proposed method and prototype system,we tested and analyzed 90 different types of mobile applications.After experimental verification,the accuracy rate of related mobile application detection reached 96.6%,and 92.89% network behavior detection had an accuracy rate greater than 90%.