| 引用本文: |
-
季飞,雷正朝,张行,魏冬,黄伟庆,王宝吉.基于上行共享信道时频占用特征的移动通信空口流量分析技术[J].信息安全学报,已采用 [点击复制]
- jifei,Lei Zhengchao,Zhang Hang,Wei Dong,Huang Weiqing,Wang Baoji.Mobile communication air-interface traffic classification technology based on uplink shared channel time-frequency occupation characteristics[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 移动通信领域中存在诸多安全技术保障用户流量内容不被窃听者窃取,却忽略了流量传输大小、时间信息仍可被用来完成对用户行为、APP等隐私的识别。并且由于空口无线数据传输的开放性,将用户流量暴露给了所有嗅探设备,导致用户隐私泄露风险进一步提高。本文从协议层面分析了该泄露风险产生机制,并提出基于上行共享信道时频占用特征的移动通信空口流量分析技术,验证了移动通信物理层存在的信息泄露风险。首先,该技术采集物理层电磁信号,基于信号处理与时频分析技术还原用户流量大小和时间信息;在此基础上,基于自注意力机制与并行残差神经网络实现用户行为与应用程序的分类;进一步,基于分布相似性比较的半监督方法实现陌生流量的滤除,避免实际环境中广泛存在的类外流量与背景流量误分类导致模型效果下降,有效提升该技术的实用性。针对本文提出的流量分析技术,我们在实际通信过程所产生流量数据集上进行了充分实验,实验结果表明,本文所提出技术可以在短时间内完成对流量所属APP及行为的识别,识别准确率分别为98.3%和96.9%。同时,陌生流量滤除机制可达到90.6%目标流量通过率和89.5%陌生流量滤除率。文章最后讨论了用户行为模式与网络环境对本文猝发性流量分类效果的影响,基于动态时间规整算法验证了猝发性流量短时上下文信息不受网络接入用户数目、用户行为模式以及网络拥挤程度的影响,进一步验证了本文所提出基于移动通信物理层上行信号的空口流量分析技术的鲁棒性。 |
| 关键词: 物理层流量分类 时频分析 分布匹配机制 深度学习 |
| DOI: |
| 投稿时间:2024-10-12修订日期:2025-01-16 |
| 基金项目:国家重点研发计划 |
|
| Mobile communication air-interface traffic classification technology based on uplink shared channel time-frequency occupation characteristics |
|
jifei1, Lei Zhengchao2, Zhang Hang1, Wei Dong1, Huang Weiqing1, Wang Baoji2
|
| (1.Institute of Information Engineering,CAS;2.National Computer Network Emergency Response Technical Team/Coordination Center of China) |
| Abstract: |
| In mobile communication, numerous security technologies are proposed to ensure that the content of user traffic is not decrypted by eavesdroppers, yet the volume and time information of the traffic can still be used to identify user behavior, apps, and other privacy-related information. The wireless data transmission mechanism exposes user traffic to all sniffing devices, further increasing the risk of user privacy leakage. This paper analyzes the mechanism of the leakage risk from the protocol level and proposes a mobile communication air interface traffic analysis scheme based on the time-frequency occupancy characteristics of the uplink shared channel. Firstly, the technology captures physical layer electromagnetic data, enabling the reconstruction of user traffic volume and time information with signal processing and time-frequency analysis techniques. On this basis, we employs self-attention mechanisms and parallel residual neural networks to classify user behavior and applications. Further, a semi-supervised method based on distribution similarity comparison is implemented to filter out unknown traffic, alleviating the misclassification of out-of-class traffic and background traffic widely present in actual scenarios, which leads to a decline in model performance. This effectively enhances the practicality of the technology. To validate the effectiveness of the traffic analysis technology, we conducted comprehensive experiments on the traffic dataset generated during actual communication processes. The results of the experiments demonstrate that the technology presented in this paper is capable of quickly identifying the APP and behavior categories within a short period of time, with accuracy reaching 98.3% and 96.9%, respectively. Additionally, the algorithm for filtering out strange traffic has achieved a target traffic pass rate of 90.6% and an strange traffic exclusion rate of 89.5%. Finally, based on the Dynamic Time Warping (DTW) algorithm, this paper verifies that the short-term contextual information of burst traffic is not influenced by the number of network access users, user behavior patterns, or the level of network congestion. This further validates the robustness of the air interface traffic analysis technology proposed in this paper, which is based on uplink signals from the physical layer of mobile communication. |
| Key words: Physical layer traffic classification Time frequency analysis Distribution matching mechanism Deep learning |
