结合机器学习的SSR代理下App流量识别方法

doi:10.19665/j.issn1001-2400.2023.02.014

Abstract

Abstract:

An App traffic identification scheme based on machine learning under ShadowSocksR (SSR) proxy is proposed with the purpose being to identify from which APP the ShadowSocksR proxy traffic generated by the smartphone originates.The scheme consists of three steps:traffic preprocessing,feature extraction and model construction.First,the packet set corresponding to the ShadowSocksR traffic generated by smartphones is divided into fine-grained stream data groups according to the arrival time interval,source and destination IP address and port,and then the stream data groups containing fewer packets are further filtered with the purpose being to filter out noise traffic generated by the background App or smart phone operating system that interferes with traffic identification.Then,from the filtered flow data grouping set,the statistical features and distribution features of packet length,time statistical features,packet frequency features,packet filtering ratio features,and the combined features of the front and rear streams are extracted to form a feature matrix,which is input into the machine learning algorithm.An app traffic identification model for the ShadowSocksR traffic that needs to be identified is obtained,and after the feature matrix is obtained through the same processing steps,the flow identification results can be obtained by inputting the App traffic identification model.Experimental results show that the traffic identification method can reach an accuracy rate of more than 97% for App traffic identification under ShadowSocksR proxy.

Key words: ShadowSocksR, smartphone app traffic identification, machine learning

CLC Number:

TP309

GUO Gang,YANG Chao,CHEN Mingzhe,MA Jianfeng. App traffic identification under ShadowSocksR proxy with machine learning[J].Journal of Xidian University, 2023, 50(2): 138-146.

Figures/Tables 7

References 21

[1]	人民网研究院. <中国移动互联网发展报告(2021)>正式发布(2021)[EB/OL].[2021-07-22]. http://finance.people.com.cn/n1/2021/0722/c1004-32166880.html.
[2]	QuestMobile研究院. QuestMobile 中国移动互联网2021半年大报告[EB/OL].[2021-07-27]. https://www.questmobile.com.cn/research/report-new/164.
[3]	运行监测协调局. 2021 年通信业统计公报(2022)[EB/OL].[2022-01-25]. https://www.miit.gov.cn/gxsj/tjfx/txy/art/2022/art_e8b64ba8f29d4ce18a1003c4f4d88234.html.
[4]	LUO J, BAO L, NI L. AMethod of Shadowsocks(r) Traffic Identification Based on Protocol Analysis[C]// 2021 IEEE 21st International Conference on Communication Technology (ICCT).Piscataway:IEEE, 2021:6-10.
[5]	JI Q, DENG X, NI L, et al. Research on Shadowsocks(R) Traffic Identification Based on Xgboost Algorithm[C]//International Conference on Intelligent and Interactive Systems and Applications. Heidelberg:Springer, 2020:53-61.
[6]	JI Q, DENG X, NI L. Research on Shadowsocks(r) Traffic Identification Based on Dart Algorithm[C]// 2021 7th Annual International Conference on Network and Information Systems for Computers (ICNISC).Heidelberg:Springer, 2021:666-672.
[7]	TAYLOR V F, SPOLAOR R, CONTI M, et al. Appscanner:Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic[C]//2016 IEEE European Symposium on Security and Privacy(EuroS&P). Piscataway:IEEE, 2016:439-454.
[8]	TAYLOR V F, SPOLAOR R, CONTI M, et al. Robust Smartphone App Identification via Encrypted Network Traffic Analysis[J]. IEEE Transactions on Information Forensics and Security, 2018, 13:63-78. doi: 10.1109/TIFS.2017.2737970
[9]	ADI E, BAIG Z A, HINGSTON P. Stealthy Denial of Service (DoS) Attack Modelling and Detection for HTTP/2 Services[J]. Journal of Network and Computer Applications, 2017, 91:1-13. doi: 10.1016/j.jnca.2017.04.015
[10]	DRAPER-GIL G, LASHKARI A H, MAMUN M S I, et al. Characterization of Encrypted and Vpn Traffic Using Time-Related[C]//Proceedings of the 2nd International Conference on Information Systems security and Privacy(ICISSP). Rome:ICISSP, 2016:407-414.
[11]	ERTAM F, AVCI E. A New Approach for Internet Traffic Classification:GA-WK-ELM[J]. Measurement, 2017, 95:135-142. doi: 10.1016/j.measurement.2016.10.001
[12]	曾勇, 吴正远, 董丽华, 等. 加密流量中的恶意流量识别技术[J]. 西安电子科技大学学报, 2021, 48(3):170-187.
	ZENG Yong, WU Zhengyuan, DONG Lihua, et al. Research on Malicious Traffic Identification Technology in Encrypted Traffic[J]. Journal of Xidian University, 2021, 48(3):170-187.
[13]	FALAKI H, LYMBEROPOULOS D, MAHAJAN R, et al. A First Look at Traffic on Smartphones[C]// Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement. New York: ACM, 2010:281-287.
[14]	MONGKOLLUKSAMEE S, VISOOTTIVISETH V, FUKUDA K. Combining Communication Patterns & Traffic Patterns to Enhance Mobile Traffic Identification Performance[J]. Journal of Information Processing, 2016, 24:247-254. doi: 10.2197/ipsjjip.24.247
[15]	BOCCHI E, GRIMAUDO L, MELLIA M, et al. Magma Network Behavior Classifier for Malwaretraffic[J]. Computer Networks, 2016, 109:142-156. doi: 10.1016/j.comnet.2016.03.021
[16]	JAKALAN A, GONG J, SU Q, et al. Social Relationship Discovery of IP Addresses in the Managed IP Networks by Observing Traffic at Network Boundary[J]. Computer Networks, 2016, 100:12-27. doi: 10.1016/j.comnet.2016.02.012
[17]	AKKARIIIN, BREAKWA11. ShadowsocksR协议插件文档(2021)) [EB/OL].[2021-08-8]. https://github.com/shadowsocksrr/shadowsocks-rss/blob/master/ssr.md.
[18]	王岁兴. shadowsocks 及其代理的 app 流量识别研究[D]. 西安: 西安电子科技大学, 2021.
[19]	KARAGIANNIS T, PAPAGIANNAKI K, FALOUTSOS M. BLINC:Multilevel Traffic Classification in the Dark[C]// Proceedings of the 2005 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communications. New York: ACM, 2005:229-240.
[20]	KORCZYИSKI M, DUDA A. Markov Chain Fingerprinting to Classify Encrypted Traffic[C]// IEEEINFOCOM 2014 - IEEE Conference on Computer Communications.Piscataway:IEEE, 2014:781-789.
[21]	XIANG C, CHEN Q, XUE M, et al. APPCLASSIFIER:Automated App Inference on Encrypted Traffic via Meta Data Analysis[C]//2018 IEEE Global Communications Conference (GLOBECOM). Piscataway:IEEE, 2018:1-7.

数据集名称	设备编号	设备型号	大小/GB	包含flow数量
M1-Test	M1	m1meatl	0.930	426 3
M2-Test	M2	m1 metal	0.886	433 6
M3-Test	M3	m3 note	0.830	410 5
H1-Test	H1	Honor 6	1.120	370 6
H2-Test	H2	Honor 6	1.110	470 3
S1-Test	S1	SM-G9208	0.604	416 4
M1-Train	M1	m1 meatl	12.400	862 66
M2-Train	M2	m1 meatl	12.800	900 51

训练数据集	算法	准确率	精确率	召回率	F1-score
	XGBClassifier	1.00	1.00	1.00	1.00
M1-Train	RF	0.98	0.98	0.98	0.98
	SVM	0.88	0.86	0.88	0.86
	GNB	0.75	0.76	0.75	0.74
	XGBClassifier	0.99	0.99	0.99	0.99
M2-Train	RF	0.98	0.98	0.98	0.98
	SVM	0.84	0.83	0.84	0.83
	GNB	0.75	0.76	0.76	0.72

训练集	测试集	准确率	精确率	召回率	F1-score
M1-Train	M1-Test	0.980	0.980	0.982	0.980
M2-Train	M2-Test	0.968	0.968	0.964	0.965
加权平均		0.974	0.974	0.973	0.972

训练集	测试集	准确率	精确率	召回率	F1-score
M1-Train	M2-Test	0.968	0.968	0.966	0.966
	M3-Test	0.973	0.973	0.974	0.973
M2-Train	M1-Test	0.962	0.962	0.966	0.963
	M3-Test	0.979	0.979	0.979	0.979
加权平均		0.970	0.970	0.971	0.970

训练集	测试集	准确率	精确率	召回率	F1-score
M1-Train+	H1-Test	0.986	0.986	0.985	0.986
M2-Train	H2-Test	0.979	0.979	0.979	0.979
	S1-Test	0.960	0.960	0.966	0.963
加权平均		0.975	0.975	0.976	0.976

App traffic identification under ShadowSocksR proxy with machine learning

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 21

Related Articles 7

Metrics

Comments

Recommended 10

[1]	LI Wenhua,DONG Lihua,ZENG Yong. Analysis and improvement of the security of the key-nets homomorphic encryption scheme [J]. Journal of Xidian University, 2023, 50(1): 192-202.
[2]	QIAO Wenxin,LU Yu,LIU Yicen,LI Zhiwei,LI Xi. Dynamic scheduling method for service function chains in space air terrestrial aided edge cloud networks [J]. Journal of Xidian University, 2022, 49(2): 79-88.
[3]	ZENG Yong,WU Zhengyuan,DONG Lihua,LIU Zhihong,MA Jianfeng,LI Zan. Research on malicious traffic identification technology in encrypted traffic [J]. Journal of Xidian University, 2021, 48(3): 170-187.
[4]	WANG Junxiang,HUANG Lin,ZHANG Ying,NI Jiangqun,LIN Lang. Algorithm for the detection of a low complexity contrast enhanced image source [J]. Journal of Xidian University, 2021, 48(1): 96-106.
[5]	ZHANG Shudong,GAO Haichang,CAO Xiwen,KANG Shuai. Adaptive fast and targeted adversarial attack for speech recognition [J]. Journal of Xidian University, 2021, 48(1): 168-175.
[6]	YAN Lin,LIU Kai,DUAN Meiyu. Lightweight deep neural network for point cloud classification [J]. Journal of Xidian University, 2020, 47(2): 46-53.
[7]	LI Juan;WANG Yuping. New nearest neighbor affinity similarity function based on separation and compactness between samples [J]. J4, 2014, 41(3): 123-130.