The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate significant network traffic (a considerable part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider capture points such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field.
Comment: 55 page
Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic
Machine learning (ML) is promising in accurately detecting malicious flows in
encrypted network traffic; however, it is challenging to collect a training
dataset that contains a sufficient amount of encrypted malicious data with
correct labels. When ML models are trained with low-quality training data, they
suffer degraded performance. In this paper, we aim at addressing a real-world
low-quality training dataset problem, namely, detecting encrypted malicious
traffic generated by continuously evolving malware. We develop RAPIER, which
exploits the different distributions of normal and malicious traffic data in
the feature space (normal data is tightly clustered in a certain region, while
malicious data is scattered over the entire feature space) to augment the
training data for model training. RAPIER includes two pre-processing modules to
convert traffic into feature vectors and correct label noises. We evaluate our
system on two public datasets and one combined dataset. With 1000 samples and
45% label noise from each dataset, our system achieves F1 scores of 0.770,
0.776, and 0.855, respectively, achieving average improvements of 352.6%,
284.3%, and 214.9% over the existing methods, respectively. Furthermore, we
evaluate RAPIER with a real-world dataset obtained from a security enterprise.
RAPIER effectively achieves encrypted malicious traffic detection with the best
F1 score of 0.773 and improves the F1 score of existing methods by an average
of 272.5%.