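Cite this article
  • 张行, 魏冬, 季飞, 黄伟庆, 李静, 庄理淇. Research on identifying abnormal uplink traffic on the air interface of mobile communication networks based on time-frequency occupancy distribution characteristics [J]. Journal of Cyber Security (信息安全学报), accepted
  • zhanghang,weidong,jifei,huangweiqing,lijing,zhuangliqi.Studying the Air Interface of Mobile Communication Networks to Identify Abnormal Uplink Traffic Utilizing Time-Frequency Occupancy Distribution Characteristics[J].Journal of Cyber Security,Accept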

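Research on Identifying Abnormal Uplink Traffic on the Air Interface of Mobile Communication Networks Based on Time-Frequency Occupancy Distribution Characteristics
张行, 魏冬, 季飞, 黄伟庆, 李静, 庄理淇
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Attacks that use mobile communication networks for illegal location tracking, eavesdropping and covert surveillance are highly disguised, low in cost and hard to detect. This paper proposes a method for identifying abnormal uplink traffic on the air interface of mobile communication networks based on time-frequency occupancy distribution characteristics. Signals in the uplink band of the mobile communication network are captured, a time-frequency resource map is generated at the time-frequency granularity specified by the protocol, and a ResNet18 network model is used to accurately identify the number of mobile terminals in a specific area and the air-interface uplink traffic, thereby detecting illegal traffic such as location tracking and eavesdropping. Compared with traditional detection methods based on pseudo base stations, the network layer or downlink traffic parsing, the proposed algorithm needs no prior information and does not infringe user privacy; more importantly, it uses the uplink signal, which supports accurate detection and localization of illegal uplink air-interface traffic within a specific area. For identifying the number of terminals and the service type, this paper designs a classification and identification algorithm based on physical-layer signal features and the network packetization mechanism. The algorithm has adaptive feedback and adjustment, and achieves high-accuracy identification when multiple terminals run multiple services at the same time. It first combines the physical features of the signal with image grayscale attributes to identify the number of terminals. On that basis it separates the mixed services, and identifies each separated communication service by combining the physical-layer resource scheduling strategy with the network-layer traffic packetization mechanism. Finally, an adaptive adjustment algorithm feeds back and adjusts the identification results of each layer's task to ensure that the results are true and credible. Each part of the proposed algorithm was tested in a real channel environment using a Universal Software Radio Peripheral (USRP); the identification accuracy for the number of terminals reached 96%, and the communication service identification accuracy reached 98%.
Keywords:  Mobile communication network security  Uplink spectrum  Abnormal traffic detection  Mixed service separation  ResNet18
DOI:10.19363/J.cnki.cn10-1380/tn.2024.02.24
Submitted: 2022-10-17  Revised: 2022-12-14
Funding: National Key R&D Program of China 2021YFB2910107; Youth Innovation Promotion Association of the Chinese Academy of Sciences Y9YY015104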
Studying the Air Interface of Mobile Communication Networks to Identify Abnormal Uplink Traffic Utilizing Time-Frequency Occupancy Distribution Characteristics
zhanghang, weidong, jifei, huangweiqing, lijing, zhuangliqi
(Institute of Information Engineering, CAS)
Abstract:
Attacks that use mobile communication networks for unlawful location tracking, eavesdropping and similar purposes are highly camouflaged, low in cost and difficult to detect. This paper proposes a method, based on time-frequency occupancy distribution characteristics, for identifying abnormal uplink traffic on the air interface of mobile communication networks. The method captures the mobile communication network's uplink frequency band signals, creates a time-frequency resource map at the time-frequency granularity specified by the protocol, and employs the ResNet18 network model to precisely identify the number of mobile terminals in a given area and the uplink traffic of the air interface, in order to detect location tracking, eavesdropping and other illegal traffic. Compared with conventional detection techniques based on pseudo base stations, the network layer or downlink traffic analysis, this paper's algorithm does not require any prior knowledge and does not infringe on users' privacy. More significantly, it uses the uplink signal, which enables precise detection and localization of illicit uplink air interface traffic in a given area. For identifying the number of terminals and the service types, this research develops a classification and identification method based on the properties of the signal physical layer and the network packetization mechanism. The method first identifies the number of terminals by combining the physical properties of the signal with the grayscale property of the image, and on this basis separates the mixed services. Each communication service is then identified, and an adaptive adjustment algorithm feeds back and adjusts the identification results of each layer's task to ensure that the findings are true and credible.
Each part of the method proposed in this work was tested in a real channel environment using a Universal Software Radio Peripheral (USRP). The communication service identification accuracy rate reaches 96%, while the terminal number identification accuracy rate reaches 98%.
Key words:  Security for mobile communication networks  Upstream spectrum  Abnormal traffic detection  Hybrid business separation  ResNet18