| 引用本文: |
-
庄理淇,罗吉文,张行,魏冬,张萌,黄伟庆.基于移动通信网络下行控制信息的终端刻画技术[J].信息安全学报,已采用 [点击复制]
- zhuangliqi,luojiwen,zhanghang,weidong,zhangmeng,huangweiqing.Terminal Profiling Technique Based on Downlink Control Information in Mobile Communication Network[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 移动通信网络无线传输在便利人们生活的同时,也使终端面临隐私泄露风险。尽管加密技术已被广泛应用,但移动通信网络的下行控制信息可以被接收解析,用于刻画终端品牌、型号及行为特征。现有基于下行控制信息的终端行为分析技术大多假设终端处于连续传输状态,尚未考虑终端在业务态与待机态之间切换的现实通信场景。此外,现有利用上行通信信令解析的终端品牌的识别方法存在捕获难度大等问题。针对上述问题,本文提出一种基于移动通信网络下行控制信息的终端多维度刻画技术。首先,该技术提出一种基于滑动窗口滤波的动态流量识别与分离机制,通过分析终端频谱资源调度率等时序特征,自适应地识别业务流量与背景流量。其次,利用背景流量主要源自终端系统服务定期上报这一特性,分析流量调度周期性、资源块占用等统计特征,并基于梯度提升决策树算法实现终端品牌识别。最后,该技术转换分离的业务流量为结构化时序表征,输入至嵌入多头注意力机制的CNN模型进行训练,实现应用程序识别。本文对所提方法在移动通信模拟环境中进行了实验验证。实验结果表明,该方法应用程序识别准确率达96.74%,终端品牌识别准确率达88%,验证了其有效性。此外,针对终端型号、操作系统版本、时间窗口长度等多种现实因素进行测试,识别准确率达到90%以上,进一步证明了该技术在实际通信场景下的适用性与稳定性。 |
| 关键词: 移动通信网络 背景流量 应用程序识别技术 下行控制信息 |
| DOI: |
| 投稿时间:2025-12-16修订日期:2026-03-24 |
| 基金项目:国家重点研发计划 |
|
| Terminal Profiling Technique Based on Downlink Control Information in Mobile Communication Network |
|
zhuangliqi1, luojiwen2, zhanghang1, weidong1, zhangmeng1, huangweiqing1
|
| (1.Institute of Information Engineering, Chinese Academy of Sciences;2.CASIC Research Institute of Intelligent Decision Engineering) |
| Abstract: |
| While facilitating daily life, wireless transmission in mobile communication networks also exposes terminals to privacy leakage risks. Although encryption technologies have been widely adopted, downlink control information in mobile networks can still be received and parsed, enabling the profiling of terminal brands, models, and behavioral characteristics. Existing terminal behavior analysis techniques based on downlink control information predominantly assume continuous transmission states and seldom account for real-world scenarios where terminals frequently switch between active and idle modes. Moreover, current methods for identifying terminal brands by parsing uplink signaling suffer from challenges such as high capture complexity. To address these issues, this paper proposes a multi-dimensional terminal profiling technique based on downlink control information. First, a dynamic traffic identification and separation mechanism based on sliding window filtering is introduced, which adaptively distinguishes between service traffic and background traffic by analyzing temporal features such as spectrum resource scheduling rate. Second, leveraging the characteristic that background traffic primarily originates from periodic system service reporting, statistical features including traffic scheduling periodicity and resource block occupancy are extracted, and terminal brand identification is achieved using a gradient boosting decision tree ensemble algorithm. Finally, the separated service traffic is transformed into structured temporal representations and fed into a CNN model integrated with an attention mechanism for training, enabling accurate application identification. The proposed method is experimentally validated in a simulated mobile communication environment. Results show that the approach achieves 96.74% accuracy in application identification and 88% accuracy in terminal brand recognition, confirming its effectiveness. Furthermore, robustness tests incorporating various practical factors, such as terminal model, operating system version, and time window length, consistently yield identification accuracy above 90%, demonstrating the technique""s applicability and stability in complex real-world environments. |
| Key words: Mobile communication network Background traffic Application identification technology Downlink control information |
