
Tethering behavior detection architecture based on RTT measurement of TCP flows

Dai Xianlong, Cheng Guang, Lu Guangyin, Jin Binlei

Citation: DAI X L, CHENG G, LU G Y, et al. Tethering behavior detection architecture based on RTT measurement of TCP flows[J]. Journal of Beijing University of Aeronautics and Astronautics, 2023, 49(6): 1414-1423 (in Chinese). doi: 10.13700/j.bh.1001-5965.2021.0463

doi: 10.13700/j.bh.1001-5965.2021.0463
Funds: National Key R & D Program of China (2018YFB1800602)
    Corresponding author:

    E-mail: chengguang@seu.edu.cn

  • CLC number: TP393

  • Abstract:

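    Tethering is the behavior in which a mobile device shares its Internet connection service through its own transmission media. It not only puts operational pressure on the mobile Internet and affects its revenue, but also hides the internal network structure from the mobile Internet, which creates network security risks. Because many obfuscation and evasion methods exist for tethering, existing tethering detection techniques struggle to detect it effectively. In view of this, the paper analyzes how tethering terminals process and forward data traffic at mobile Internet base stations, together with the characteristics of the round-trip time (RTT) of Transmission Control Protocol (TCP) flows in mobile Internet user traffic, proposes a tethering detection architecture based on RTT measurement of TCP flows, and builds a test network environment for the proposed architecture. The experimental results show that the proposed architecture is effective at detecting tethering behavior: it detects tethering in the mobile Internet using unsupervised learning and passive monitoring of network traffic, and its accuracy in detecting tethering behavior reaches 97.50%.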

     

  • Figure 1. Tethering behavior scenario description for smart device

    Figure 2. Framework of this paper

    Figure 3. The description of the traffic measurement

    Figure 4. Collection and establishment of test dataset

    Figure 5. Examples of de-noising effectiveness (DataSet12)

    Figure 6. Accuracy confusion matrix

    Table 1. Main parameters of experiment hardware platform

    | No. | Device name | Model | Main parameters |
    |---|---|---|---|
    | 1 | Simulated base station (PC) | Dell Vostro 14-5480 | CPU: Core i5-5200U; RAM: 4 GB; 512 GB HDD; OS: Win 8 Pro |
    | | | Terrans Force X911 | CPU: Core i7-4940MX; RAM: 32 GB; 1 TB SSD; OS: Win 10 Pro |
    | 2 | Tethering device | Huawei P40 | CPU: Kirin 990 5G; RAM: 8 GB; OS: Android 10 |
    | | | Mi10 Pro | CPU: Snapdragon 865; RAM: 12 GB; OS: Android 11 |
    | | | Mi11 Ultra | CPU: Snapdragon 888; RAM: 12 GB; OS: Android 11 |
    | 3 | Attached device (phone) | iPhone 6 | CPU: Apple A8; OS: iOS 12.5.4 |
    | | | iPhone 8 Plus | CPU: Apple A11; OS: iOS 14.6 |
    | | | Redmi 7 | CPU: Snapdragon 632; OS: Android 9 |
    | | | Mi10 Pro | CPU: Snapdragon 865; OS: Android 11 |
    | | | Mi11 Ultra | CPU: Snapdragon 888; OS: Android 11 |
    | | | Mi9 | CPU: Snapdragon 855; OS: Android 11 |
    | 4 | Attached device (PC) | ThinkPad X1C 2016 | CPU: Core i7-6600U; RAM: 8 GB; OS: Win 10 Pro |

    Table 2. Information of datasets in the experiment

    | Dataset | Tethering mode | Device models | IP address of device under test | Size/MB | Number of packets |
    |---|---|---|---|---|---|
    | DataSet1 | No tethering | iPhone 6 | 192.168.137.109 | 1003 | 1000000 |
    | DataSet2 | No tethering | P40 | 192.168.137.157 | 912 | 1000000 |
    | DataSet3 | No tethering | P40 | 192.168.137.157 | 412 | 600000 |
    | DataSet4 | Tethering D+A | P40, iPhone 6 | 192.168.137.157 | 973 | 1000000 |
    | DataSet5 | Tethering D+A | P40, iPhone 6 | 192.168.137.157 | 910 | 1000000 |
    | DataSet6 | Tethering D+A | P40, iPhone 6 | 192.168.137.157 | 900 | 1000000 |
    | DataSet7 | Tethering D+A | P40, iPhone 6 | 192.168.137.157 | 943 | 1000000 |
    | DataSet8 | Tethering D+A | P40, iPhone 6 | 192.168.137.157 | 466 | 500000 |
    | DataSet9 | Tethering D+A | P40, iPhone 6 | 192.168.137.157 | 439 | 500000 |
    | DataSet10 | Tethering D+A+B | P40, iPhone 6, iPhone 8 Plus | 192.168.137.157 | 961 | 1000000 |
    | DataSet11 | Tethering D+A+B+C | P40, iPhone 6, iPhone 8 Plus, Redmi 7 | 192.168.137.157 | 1935 | 2000000 |
    | DataSet12 | No tethering | Mi10 Pro | 192.168.137.238 | 984 | 1000000 |
    | DataSet13 | No tethering | Mi11 Ultra | 192.168.137.142 | 1024 | 903103 |
    | DataSet14 | Tethering D+A | Mi10 Pro, Mi11 Ultra | 192.168.137.238 | 1136 | 1200000 |
    | DataSet15 | Tethering D+A | Mi11 Ultra, Mi10 Pro | 192.168.137.142 | 1218 | 1400000 |
    | DataSet16 | Tethering D+A+B+C | Mi10 Pro, Mi11 Ultra, Mi9, X1C | 192.168.137.238 | 1157 | 1200000 |
    | DataSet17 | Tethering D+A+B+C | Mi11 Ultra, Mi10 Pro, Mi9, X1C | 192.168.137.142 | 1372 | 1500000 |
    | DataSet18 | Tethering D+A | P40, X1C | 192.168.137.157 | 859 | 909785 |
    | DataSet19 | No tethering | P40 | 192.168.137.157 | 376 | 403776 |

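    Table 3. Experimental results of data sets

    | Dataset | Tethering mode | Number of RTTs | n_clusters |
    |---|---|---|---|
    | DataSet1 | No tethering | 1176 | 1 |
    | DataSet2 | No tethering | 6347 | 1 |
    | DataSet3 | No tethering | 7850 | 1 |
    | DataSet4 | Tethering D+A | 3435 | 2 |
    | DataSet5 | Tethering D+A | 1979 | 2 |
    | DataSet6 | Tethering D+A | 2754 | 2 |
    | DataSet7 | Tethering D+A | 2358 | 9 |
    | DataSet8 | Tethering D+A | 423 | 2 |
    | DataSet9 | Tethering D+A | 1820 | 2 |
    | DataSet10 | Tethering D+A+B | 3251 | 2 |
    | DataSet11 | Tethering D+A+B+C | 6377 | 2 |
    | DataSet12 | No tethering | 2279 | 1 |
    | DataSet13 | No tethering | 1877 | 1 |
    | DataSet14 | Tethering D+A | 5168 | 4 |
    | DataSet15 | Tethering D+A | 4497 | 2 |
    | DataSet16 | Tethering D+A+B+C | 4171 | 7 |
    | DataSet17 | Tethering D+A+B+C | 260619 (digits of both columns run together) | |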
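The abstract describes passive RTT measurement of TCP flows followed by unsupervised learning, and Table 3 reports a cluster count per dataset. The sketch below is an added example, not the paper's code: it assumes the RTT is taken as the gap between a downstream SYN-ACK and the upstream ACK at the capture point, uses a flat-kernel mean shift as a stand-in clustering method, and treats more than one RTT mode as a tethering indicator. The packet tuples, bandwidth, noise threshold and RTT values are all constructed.

```python
import random

def handshake_rtts(packets):
    """Gap between downstream SYN-ACK and upstream ACK per flow, in ms (assumed RTT definition)."""
    synack, rtts = {}, []
    for ts, flow, flags, direction in packets:
        if flags == "SA" and direction == "down":
            synack[flow] = ts
        elif flags == "A" and direction == "up" and flow in synack:
            rtts.append((ts - synack.pop(flow)) * 1000.0)
    return rtts

def mean_shift_modes(samples, bandwidth, min_share=0.05):
    """Flat-kernel 1-D mean shift; modes holding < min_share of the samples are dropped as noise."""
    modes = []  # each entry: [centre_ms, member_count]
    for x in samples:
        for _ in range(100):
            window = [s for s in samples if abs(s - x) <= bandwidth]
            shifted = sum(window) / len(window)
            if abs(shifted - x) < 1e-3:
                break
            x = shifted
        for mode in modes:  # merge with an existing mode that lies within one bandwidth
            if abs(mode[0] - x) <= bandwidth:
                mode[0] = (mode[0] * mode[1] + x) / (mode[1] + 1)
                mode[1] += 1
                break
        else:
            modes.append([x, 1])
    return sorted(c for c, n in modes if n >= min_share * len(samples))

def looks_tethered(packets, bandwidth=3.0):
    # Assumed decision rule: one RTT mode = single endpoint, several modes = extra hop(s) behind it.
    return len(mean_shift_modes(handshake_rtts(packets), bandwidth)) > 1

def synth_capture(rng, hop_means_ms, flows_per_hop=60):
    """Constructed capture: one SYN-ACK/ACK pair per flow, Gaussian jitter around each hop's mean RTT."""
    packets, t = [], 0.0
    for h, mean in enumerate(hop_means_ms):
        for i in range(flows_per_hop):
            t += 0.5
            packets.append((t, (h, i), "SA", "down"))
            rtt_s = max(rng.gauss(mean, 0.6), 0.1) / 1000.0
            packets.append((t + rtt_s, (h, i), "A", "up"))
    return packets

rng = random.Random(7)
direct = synth_capture(rng, [4.0])         # constructed: device under test only
shared = synth_capture(rng, [4.0, 15.0])   # constructed: device D plus one attached client A
```

On real traffic the bandwidth has to be chosen from the data, since a value larger than the extra-hop delay merges the modes and hides the attached client.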

    Table 4. Classification results of test dataset built by DataSet18 and DataSet19

    | Label | Total number of labels | Classified as Tethering | Classified as No tethering | Accuracy/% |
    |---|---|---|---|---|
    | Tethering | 4312 | 4204 | 108 | 97.50 |
    | No tethering | 3400 | 1006 | 2394 | 70.41 |
Publication history
  • Received: 2021-08-13
  • Accepted: 2021-11-14
  • Published online: 2021-11-23
  • Issue published: 2023-06-30
