Research On Traffic Signature Extraction Technology For Mobile Applications

With the popularity and development of mobile internet,the scale of mobile applications has grown rapidly.How to efficiently and accurately identify the traffic of mobile applications is of great significance to network operators and network security service providers.This is the premise for researching differential services,traffic control,intrusion detection,malicious application identification,and user behavior analysis.The identification of mobile application network traffic is very challenging due to the openness of mobile applications and the relevance and diversity of data sources.In order to effectively identify mobile application network traffic,it is necessary to obtain fine-grained signatures that are different from other application.In view of the fact that mobile applications are mainly based on HTTP/HTTPS protocol for data transmission,this thesis had carried out related research on mobile application HTTP traffic and HTTPS traffic signature extraction technology.The main work of this thesis is as follows:(1)Based on the tagged traffic collection tool——Netlog,42 popular android applications traffic were collected in a diverse environment.Netlog uses the VPN service module provided by android to listen to the interfaces of all applications on the device,and can accurately map network traffic to specific applications.The 42 common applications include highly independent applications,as well as applications with the same company with the highest degree of relevance.The network traffic data set collectedted in this thesis can be used for mobile application traffic identification research.(2)In order to effectively identify the HTTP traffic of different mobile applications,especially the application traffic with high correlation,a HTTP traffic signature extraction method combining application ID and structured signature was proposed.First,the application ID was obtained from the application market as signature,which is the unique identifier for the operating system to identify applications.Secondly,for the HTTP traffic which cannot be identified by application ID signature,this thesis proposed a structured signature extracting method,which avoided the problem of low signature precision caused by the pre-designed signature structure.The structured signature represent highly similar interaction behavior.The experimental results showed that the proposed method had a better recognition effect for mobile application HTTP traffic.(3)Based on the detailed analysis of HTTPS implementation mechanism,HTTPS signatures were constructed by the parameters in the packet generated by the client in TLS handshake.The experimental results showed that the signature extraction method proposed in this thesis had a certain recognition effect on mobile application HTTPS stream,and it was an exploration of using DPI technology to identify HTTPS traffic.