Research on mobile terminal equipment recognition method based on HTTP traffic
刘翼,詹宇昊
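Abstract:
Traditional network terminal identification methods achieve low recall and low identification accuracy on mobile device feature information. To address this, a flow-based mobile device identification method is proposed that accurately extracts mobile device feature information from network traffic. The method was tested on real network traffic against devices running the currently popular Android and iOS mobile platforms. The experimental results show that coverage of mobile platform feature information reaches 91.66%, and that device identification accuracy for the Android and iOS platforms reaches 92.69% and 83.88%, respectively; for Android devices, coverage of device model features reaches 70.12%, with an identification accuracy of 96.15%.
Keywords: mobile device identification; DPI; feature identification; HTTP; Android; iOS
Foundation: 2017 National Undergraduate Innovation and Entrepreneurship Program project (201710719047); Scientific Research Program of the Shaanxi Provincial Department of Education (14JK1825); Yan'an Science and Technology Research and Development Program project (2014KG-09)
Authors: 刘翼, 詹宇昊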
DOI: 10.16652/j.issn.1004-373x.2018.19.022