| 引用本文: |
-
高尚,张行,季飞,吴越梅,魏冬,张萌.基于移动通信下行控制信息的应用识别方法[J].信息安全学报,已采用 [点击复制]
- gaoshang,zhanghang,jifei,wuyuemei,weidong,zhangmeng.Application Identification Method Based on Downlink Control Information in Mobile Communication[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 移动应用的广泛使用丰富了人们的日常生活,但同时也带来了严重的用户隐私风险。尽管现代移动通信标准已在空口链路中对用户业务数据及其元数据信息实施加密保护,但用于资源调度的控制信令仍以明文形式广播。攻击者可以被动嗅探控制信息并提取其中的调度特征,从而推断用户所使用的应用。尽管近年来已有研究在该领域取得一定进展,但现有基于下行控制信息(Downlink Control Information, DCI)的应用识别方法,在动态网络、开放世界以及应用更新等复杂场景中,仍存在鲁棒性不足的问题。为此,本文提出了DASCL,一种基于下行控制信息的鲁棒且可靠的应用识别框架。具体而言,DASCL首先从DCI中提取调度参数,并通过滑动时间窗口捕捉局部流量模式。其次,DASCL利用监督对比学习提取同一应用在不同网络状态下流量模式之间的相关性,并基于此构建应用在嵌入空间中的分布。最终,DASCL通过计算未知流量与各应用分布之间的相关性,实现准确识别。实验结果表明了DASCL的有效性。在封闭世界场景下,DASCL取得了0.975的平均F1-score;在开放世界场景中,其平均识别精度达到0.92。同时,在不同时段和频段的动态网络条件下,DASCL依然保持稳定的识别性能。此外,在为期28天的概念漂移评估中,DASCL性能波动较小,最大下降幅度不超过7.65%。 |
| 关键词: 移动通信 隐私风险 下行控制信息 应用识别 监督对比学习 |
| DOI: |
| 投稿时间:2025-05-21修订日期:2025-07-26 |
| 基金项目:国家重点研发计划 |
|
| Application Identification Method Based on Downlink Control Information in Mobile Communication |
|
gaoshang1,2, zhanghang1,2, jifei1,2, wuyuemei3, weidong1,2, zhangmeng1,2
|
| (1.Institute of Information Engineering,CAS;2.School of Cyber Security, University of Chinese Academy of Sciences;3.Beijing Institute of Telemetry Technology) |
| Abstract: |
| The extensive adoption of mobile applications has significantly enriched people's daily lives, but it has also introduced substantial risks to user privacy. Although modern mobile communication standards have implemented encryption mechanisms to protect both user data and its associated metadata over the air interface, the control signaling used for resource scheduling continues to be openly broadcast in plaintext. This architectural characteristic creates a potential security vulnerability, as it allows attackers to passively sniff the control information and extract distinct scheduling characteristics, thereby inferring which applications users are engaging with. Although significant progress has been made in this field, existing application identification methods based on Downlink Control Information (DCI) remain insufficiently robust in complex and realistic scenarios, including dynamic network conditions, open-world settings, and frequent application updates. To address these critical challenges, this paper proposes DASCL, a robust and reliable ap-plication identification framework based on downlink control information. Specifically, DASCL first extracts scheduling parameters from DCI and then leverages a sliding time window technique to capture localized traffic patterns effectively. Subsequently, DASCL utilizes a supervised contrastive learning method to extract the correlation among traffic patterns of the same application under different network conditions and constructs their distribution in the embedding space. In the final stage, DASCL computes the similarity between the embedding of unknown traffic and those of known applica-tions in order to achieve accurate identification. Experimental results demonstrate the effectiveness of DASCL. In closed-world scenarios, DASCL achieves an average F1-score of 0.975; in open-world scenarios, it attains an average identification precision of 0.92. Moreover, DASCL consistently maintains stable recognition performance under dynamic network conditions, including variations across both time periods and frequency bands. In addition, in the concept drift evaluation conducted over a 28-day period, DASCL exhibits only minor fluctuations in performance, with a maximum degradation of no more than 7.65%. |
| Key words: mobile communication privacy risk downlink control information application identification supervised contrastive learning |
