基于大小突发块划分的微信支付行为识别模型

doi:10.11772/j.issn.1001-9081.2019122063

计算机应用 ›› 2020, Vol. 40 ›› Issue (7): 1970-1976.DOI: 10.11772/j.issn.1001-9081.2019122063

基于大小突发块划分的微信支付行为识别模型

梁登高¹, 周安民¹, 郑荣锋², 刘亮¹, 丁建伟³

1. 四川大学网络空间安全学院, 成都 610065;
2. 四川大学电子信息学院, 成都 610065;
3. 中国电子科技集团公司第三十研究所保密通信重点实验室, 成都 610041

收稿日期:2019-12-06 修回日期:2020-02-21 发布日期:2020-04-23 出版日期:2020-07-10
通讯作者: 郑荣锋
作者简介:梁登高(1995-),男,贵州兴仁人,硕士研究生,主要研究方向:网络流量分析、恶意流量分析;周安民(1963-),男,四川成都人,研究员,主要研究方向:安全防御管理、移动互联网安全;郑荣锋(1990-),男,重庆人,博士研究生,主要研究方向:信息系统安全;刘亮(1982-),男,四川叙永人,高级工程师,博士研究生,主要研究方向:系统安全、恶意代码分析、漏洞挖掘与利用、网络应用安全;丁建伟(1986-),男,四川自贡人,高级工程师,博士,主要研究方向:网络威胁情报、暗网数据分析。
基金资助:
国家重点研发计划项目（2016YFE0206700）。

WeChat payment behavior recognition model based on division of large and small burst blocks

LIANG Denggao¹, ZHOU Anmin¹, ZHENG Rongfeng², LIU Liang¹, DING Jianwei³

1. College of Cybersecurity, Sichuan University, Chengdu Sichuan 610065, China;
2. College of Electronics and Information Engineering, Sichuan University, Chengdu Sichuan 610065, China;
3. Science and Technology on Communication Security Laboratory, The 30 th Research Institute of China Electronics Technology Group Corporation, Chengdu Sichuan 610041, China

Received:2019-12-06 Revised:2020-02-21 Online:2020-04-23 Published:2020-07-10
Supported by:
This work is partially supported by National Key Research and Development Program of China (2016YFE0206700).

摘要/Abstract

摘要： 针对微信红包与转账功能被用于红包赌博、非法交易等违法活动，且现有的研究工作难以识别微信中收发红包与转账行为的具体次数，以及存在低识别率和高资源消耗的问题，提出了一种划分大、小流量突发块的方法来提取流量特征，从而对收发红包与转账行为进行有效识别。首先，利用收发红包与转账行为流量的突发性，设定大突发时间阈值将这类行为的流量突发块分隔开；然后，针对收发红包与转账行为由多次连续的用户操作组成的特性，设定小突发阈值将流量块进一步细化为小突发块；最后，综合大突发块中各个小突发块的特征，得到最终的特征。实验结果显示，该方法在时间效率、空间占用率、识别准确率、算法普适性等方面普遍优于微信支付行为识别方面的现有研究，平均准确率最高可达97.58%。真实场景的测试结果表明，所提出的方法基本能准确识别出一段时间内用户收发红包与转账行为的次数。

关键词: 微信, 红包与转账, 流量突发块, 加密流量, 机器学习

Abstract: For the facts that WeChat red packet and fund transfer functions are used for illegal activities such as red packet gambling and illegal transactions, and the existing research work in this field is difficult to identify the specific numbers of sending and receiving red packets and fund transfers in WeChat, and there are problems of low recognition rate and high resource consumption, a method for dividing large and small burst blocks of traffic was proposed to extract the characteristics of traffic, so as to effectively identify the sending and receiving of red packets and the transfer behaviors. Firstly, by taking advantage of the suddenness of sending and receiving red packets and fund transfers, a large burst time threshold was set to define the burst blocks of such behaviors. Then, according to the feature that the behaviors of sending and receiving red packets and fund transfers consist of several consecutive user operations, a small burst threshold was set to further divide the traffic block into small bursts. Finally, synthesizing the features of small burst blocks in the big burst block, the final features were obtained. The experimental results show that the proposed method is generally better than the existing research on WeChat payment behavior recognition in terms of time efficiency, space occupancy rate, recognition accuracy and algorithm universality, with an average accuracy rate up to 97.58%. The test results of the real environment show that the proposed method can basically accurately identify the numbers of sending and receiving red packets and fund transfers for a user in a period of time.

Key words: WeChat, red packet and fund transfer, traffic burst, encrypted traffic, machine learning

中图分类号:

TP393.08

梁登高, 周安民, 郑荣锋, 刘亮, 丁建伟. 基于大小突发块划分的微信支付行为识别模型[J]. 计算机应用, 2020, 40(7): 1970-1976.

LIANG Denggao, ZHOU Anmin, ZHENG Rongfeng, LIU Liang, DING Jianwei. WeChat payment behavior recognition model based on division of large and small burst blocks[J]. Journal of Computer Applications, 2020, 40(7): 1970-1976.

参考文献

[1] 腾讯科技. 2018微信年度数据报告[EB/OL].[2019-01-09]. https://mp.weixin.qq.com/s/Khf4-dChUIgIg8NHCiJPyg. (Tencent. 2018 WeChat annual report[EB/OL].[2019-01-09]. https://mp.weixin.qq.com/s/Khf4-dChUIgIg8NHCiJPyg.
[2] 腾讯科技. 微信发布2019春节数据报告:8.23亿人收发红包[EB/OL].[2019-02-12]. https://mp.weixin.qq.com/s/aBV5PP1h6Mh0zMqPJNZiPw. (Tencent. WeChat 2019 Spring festival data report:8.23 million people send and receive red packets[EB/OL].[2019-02-12]. https://mp.weixin.qq.com/s/Khf4-dChUIgIg8NHCiJPyg.
[3] HOU C,SHI J,KANG C,et al. Classifying user activities in the encrypted WeChat traffic[C]//Proceedings of the IEEE 37th International Performance Computing and Communications Conference. Piscataway:IEEE,2018:1-8.
[4] SHAFIQ M,YU X,LOGHARI A A,et al. WeChat text and picture messages service flow traffic classification using machine learning technique[C]//Proceedings of the IEEE 18th International Conference on High Performance Computing and Communications/IEEE 14th International Conference on Smart City/IEEE 2nd International Conference on Data Science and Systems. Piscataway:IEEE,2016:58-62.
[5] YAN F,XU M,QIAO T,et al. Identifying WeChat red packets and fund transfers via analyzing encrypted network traffic[C]//Proceedings of the 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering. Piscataway:IEEE,2018:1426-1432.
[6] FU Y,XIONG H,LU X,et al. Service usage classification with encrypted internet traffic in mobile messaging apps[J]. IEEE Transactions on Mobile Computing,2016,15(11):2851-2864.
[7] WhatsApp. WhatsApp Web[EB/OL].[2019-09-18]. https://web.whatsapp.com.
[8] LANDAU S. Making sense from Snowden:what's significant in the NSA surveillance revelations[J]. IEEE Security and Privacy, 2013,11(4):54-63.
[9] 贾军, 杨进, 李涛. 一种基于DPI自关联数据包检测分类方法[J]. 四川大学学报(自然科学版),2019,56(1):29-36.(JIA J, YANG J,LI T. A DPI-based autocorrelation method for packet detection classification[J]. Journal of Sichuan University (Natural Science Edition),2019,56(1):29-36.)
[10] NAN Y,YANG Z,YANG M,et al. Identifying user-input privacy in mobile applications at a large scale[J]. IEEE Transactions on Information Forensics and Security,2017,12(3):647-661.
[11] ALAN H F,KAUR J. Can Android applications be identified using only TCP/IP headers of their launch time traffic[C]//Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM,2016:61-66.
[12] TAYOR V F,SPOLAOR R,CONTI M,et al. AppScanner:automatic fingerprinting of smartphone apps from encrypted network traffic[C]//Proceedings of the 2016 IEEE European Symposium on Security and Privacy. Piscataway:IEEE,2016:439-454.
[13] CONTI M,MANCINI L V,SPOLAOR R,et al. Can't you hear me knocking:identification of user actions on Android apps via traffic analysis[C]//Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. New York:ACM, 2015:297-304.
[14] PARK K,KIM H. Encryption is not enough:inferring user activities on Kakao Talk with traffic analysis[C]//Proceedings of the16th International Workshop on Information Security Applications,LNCS 9503. Cham:Springer,2015:254-265.
[15] Kakao. Kakao Web[EB/OL].[2019-09-18]. https://www.kakaocorp.com.
[16] TAYLOR V F,SPOLAOR R,CONTI M,et al. Robust smartphone app identification via encrypted network traffic analysis[J]. IEEE Transactions on Information Forensics and Security,2018, 13(1):63-78.
[17] WANG Q,YAHYAVI A,KEMME B,et al. I know what you did on your smartphone:inferring app usage over encrypted data traffic[C]//Proceedings of the 2015 IEEE Conference on Communications and Network Security. Piscataway:IEEE,2015:433-441.
[18] Tencent. MMTLS:introduction of TLSV1.3 based Tencent security communication protocol[EB/OL].[2019-09-18]. https://github.com/WeMobileDev/article/blob/master/SUMMARY.md.
[19] Wireshark. Wireshark Web[EB/OL].[2019-01-08]. https://www.wireshark.org/.
[20] CONTI M,MANCINI L,SPOLAOR R,et al. Analyzing Android encrypted network traffic to identify user actions[J]. IEEE Transactions on Information Forensics and Security,2016,11(1):114-125.
[21] Weka. Weka3[EB/OL].[2019-01-08]. https://www.cs.waikato.ac.nz/ml/weka//.

基于大小突发块划分的微信支付行为识别模型

WeChat payment behavior recognition model based on division of large and small burst blocks

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	姚梓豪, 栗远明, 马自强, 李扬, 魏良根. 基于机器学习的多目标缓存侧信道攻击检测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1862-1871.
[2]	陈学斌, 任志强, 张宏扬. 联邦学习中的安全威胁与防御措施综述[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1663-1672.
[3]	佘维, 李阳, 钟李红, 孔德锋, 田钊. 基于改进实数编码遗传算法的神经网络超参数优化[J]. 《计算机应用》唯一官方网站, 2024, 44(3): 671-676.
[4]	郑毅, 廖存燚, 张天倩, 王骥, 刘守印. 面向城区的基于图去噪的小区级RSRP估计方法[J]. 《计算机应用》唯一官方网站, 2024, 44(3): 855-862.
[5]	李博, 黄建强, 黄东强, 王晓英. 基于异构平台的稀疏矩阵向量乘自适应计算优化[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3867-3875.
[6]	陈学斌, 屈昌盛. 面向联邦学习的后门攻击与防御综述[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3459-3469.
[7]	孙仁科, 皇甫志宇, 陈虎, 李仲年, 许新征. 神经架构搜索综述[J]. 《计算机应用》唯一官方网站, 2024, 44(10): 2983-2994.
[8]	柴汶泽, 范菁, 孙书魁, 梁一鸣, 刘竟锋. 深度度量学习综述[J]. 《计算机应用》唯一官方网站, 2024, 44(10): 2995-3010.
[9]	尹春勇, 周永成. 双端聚类的自动调整聚类联邦学习[J]. 《计算机应用》唯一官方网站, 2024, 44(10): 3011-3020.
[10]	崔昊阳, 张晖, 周雷, 杨春明, 李波, 赵旭剑. 有序规范实数对多相似度K最近邻分类算法[J]. 《计算机应用》唯一官方网站, 2023, 43(9): 2673-2678.
[11]	钟静, 林晨, 盛志伟, 张仕斌. 基于汉明距离的量子K-Means算法[J]. 《计算机应用》唯一官方网站, 2023, 43(8): 2493-2498.
[12]	蓝梦婕, 蔡剑平, 孙岚. 非独立同分布数据下的自正则化联邦学习优化方法[J]. 《计算机应用》唯一官方网站, 2023, 43(7): 2073-2081.
[13]	黄晓辉, 杨凯铭, 凌嘉壕. 基于共享注意力的多智能体强化学习订单派送[J]. 《计算机应用》唯一官方网站, 2023, 43(5): 1620-1624.
[14]	郝劭辰, 卫孜钻, 马垚, 于丹, 陈永乐. 基于高效联邦学习算法的网络入侵检测模型[J]. 《计算机应用》唯一官方网站, 2023, 43(4): 1169-1175.
[15]	崔剑, 麻开朗, 孙钰, 王豆, 周君良. 面向加密流量分类的深度可解释方法[J]. 《计算机应用》唯一官方网站, 2023, 43(4): 1151-1159.