基于大小突发块划分的微信支付行为识别模型

doi:10.11772/j.issn.1001-9081.2019122063

摘要
图/表
参考文献(0)
相关文章 (15)

全文: PDF (1310 KB) HTML
输出: BibTeX | EndNote (RIS)

摘要针对微信红包与转账功能被用于红包赌博、非法交易等违法活动，且现有的研究工作难以识别微信中收发红包与转账行为的具体次数，以及存在低识别率和高资源消耗的问题，提出了一种划分大、小流量突发块的方法来提取流量特征，从而对收发红包与转账行为进行有效识别。首先，利用收发红包与转账行为流量的突发性，设定大突发时间阈值将这类行为的流量突发块分隔开；然后，针对收发红包与转账行为由多次连续的用户操作组成的特性，设定小突发阈值将流量块进一步细化为小突发块；最后，综合大突发块中各个小突发块的特征，得到最终的特征。实验结果显示，该方法在时间效率、空间占用率、识别准确率、算法普适性等方面普遍优于微信支付行为识别方面的现有研究，平均准确率最高可达97.58%。真实场景的测试结果表明，所提出的方法基本能准确识别出一段时间内用户收发红包与转账行为的次数。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	梁登高
	周安民
	郑荣锋
	刘亮
	丁建伟

关键词 ：微信, 红包与转账, 流量突发块, 加密流量, 机器学习

Abstract：For the facts that WeChat red packet and fund transfer functions are used for illegal activities such as red packet gambling and illegal transactions, and the existing research work in this field is difficult to identify the specific numbers of sending and receiving red packets and fund transfers in WeChat, and there are problems of low recognition rate and high resource consumption, a method for dividing large and small burst blocks of traffic was proposed to extract the characteristics of traffic, so as to effectively identify the sending and receiving of red packets and the transfer behaviors. Firstly, by taking advantage of the suddenness of sending and receiving red packets and fund transfers, a large burst time threshold was set to define the burst blocks of such behaviors. Then, according to the feature that the behaviors of sending and receiving red packets and fund transfers consist of several consecutive user operations, a small burst threshold was set to further divide the traffic block into small bursts. Finally, synthesizing the features of small burst blocks in the big burst block, the final features were obtained. The experimental results show that the proposed method is generally better than the existing research on WeChat payment behavior recognition in terms of time efficiency, space occupancy rate, recognition accuracy and algorithm universality, with an average accuracy rate up to 97.58%. The test results of the real environment show that the proposed method can basically accurately identify the numbers of sending and receiving red packets and fund transfers for a user in a period of time.

Key words： WeChat red packet and fund transfer traffic burst encrypted traffic machine learning

收稿日期: 2019-12-06 出版日期: 2020-04-23

中图分类号:

TP393.08

基金资助:国家重点研发计划项目（2016YFE0206700）。

通讯作者: 郑荣锋 E-mail: qswhs@foxmail.com

作者简介: 梁登高(1995-),男,贵州兴仁人,硕士研究生,主要研究方向:网络流量分析、恶意流量分析;周安民(1963-),男,四川成都人,研究员,主要研究方向:安全防御管理、移动互联网安全;郑荣锋(1990-),男,重庆人,博士研究生,主要研究方向:信息系统安全;刘亮(1982-),男,四川叙永人,高级工程师,博士研究生,主要研究方向:系统安全、恶意代码分析、漏洞挖掘与利用、网络应用安全;丁建伟(1986-),男,四川自贡人,高级工程师,博士,主要研究方向:网络威胁情报、暗网数据分析。

引用本文:

梁登高, 周安民, 郑荣锋, 刘亮, 丁建伟. 基于大小突发块划分的微信支付行为识别模型[J]. 计算机应用, 2020, 40(7): 1970-1976. LIANG Denggao, ZHOU Anmin, ZHENG Rongfeng, LIU Liang, DING Jianwei. WeChat payment behavior recognition model based on division of large and small burst blocks. Journal of Computer Applications, 2020, 40(7): 1970-1976.

链接本文:

http://www.joca.cn/CN/10.11772/j.issn.1001-9081.2019122063 或 http://www.joca.cn/CN/Y2020/V40/I7/1970

[1] 腾讯科技. 2018微信年度数据报告[EB/OL].[2019-01-09]. https://mp.weixin.qq.com/s/Khf4-dChUIgIg8NHCiJPyg. (Tencent. 2018 WeChat annual report[EB/OL].[2019-01-09]. https://mp.weixin.qq.com/s/Khf4-dChUIgIg8NHCiJPyg.
[2] 腾讯科技. 微信发布2019春节数据报告:8.23亿人收发红包[EB/OL].[2019-02-12]. https://mp.weixin.qq.com/s/aBV5PP1h6Mh0zMqPJNZiPw. (Tencent. WeChat 2019 Spring festival data report:8.23 million people send and receive red packets[EB/OL].[2019-02-12]. https://mp.weixin.qq.com/s/Khf4-dChUIgIg8NHCiJPyg.
[3] HOU C,SHI J,KANG C,et al. Classifying user activities in the encrypted WeChat traffic[C]//Proceedings of the IEEE 37th International Performance Computing and Communications Conference. Piscataway:IEEE,2018:1-8.
[4] SHAFIQ M,YU X,LOGHARI A A,et al. WeChat text and picture messages service flow traffic classification using machine learning technique[C]//Proceedings of the IEEE 18th International Conference on High Performance Computing and Communications/IEEE 14th International Conference on Smart City/IEEE 2nd International Conference on Data Science and Systems. Piscataway:IEEE,2016:58-62.
[5] YAN F,XU M,QIAO T,et al. Identifying WeChat red packets and fund transfers via analyzing encrypted network traffic[C]//Proceedings of the 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering. Piscataway:IEEE,2018:1426-1432.
[6] FU Y,XIONG H,LU X,et al. Service usage classification with encrypted internet traffic in mobile messaging apps[J]. IEEE Transactions on Mobile Computing,2016,15(11):2851-2864.
[7] WhatsApp. WhatsApp Web[EB/OL].[2019-09-18]. https://web.whatsapp.com.
[8] LANDAU S. Making sense from Snowden:what's significant in the NSA surveillance revelations[J]. IEEE Security and Privacy, 2013,11(4):54-63.
[9] 贾军, 杨进, 李涛. 一种基于DPI自关联数据包检测分类方法[J]. 四川大学学报(自然科学版),2019,56(1):29-36.(JIA J, YANG J,LI T. A DPI-based autocorrelation method for packet detection classification[J]. Journal of Sichuan University (Natural Science Edition),2019,56(1):29-36.)
[10] NAN Y,YANG Z,YANG M,et al. Identifying user-input privacy in mobile applications at a large scale[J]. IEEE Transactions on Information Forensics and Security,2017,12(3):647-661.
[11] ALAN H F,KAUR J. Can Android applications be identified using only TCP/IP headers of their launch time traffic[C]//Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM,2016:61-66.
[12] TAYOR V F,SPOLAOR R,CONTI M,et al. AppScanner:automatic fingerprinting of smartphone apps from encrypted network traffic[C]//Proceedings of the 2016 IEEE European Symposium on Security and Privacy. Piscataway:IEEE,2016:439-454.
[13] CONTI M,MANCINI L V,SPOLAOR R,et al. Can't you hear me knocking:identification of user actions on Android apps via traffic analysis[C]//Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. New York:ACM, 2015:297-304.
[14] PARK K,KIM H. Encryption is not enough:inferring user activities on Kakao Talk with traffic analysis[C]//Proceedings of the16th International Workshop on Information Security Applications,LNCS 9503. Cham:Springer,2015:254-265.
[15] Kakao. Kakao Web[EB/OL].[2019-09-18]. https://www.kakaocorp.com.
[16] TAYLOR V F,SPOLAOR R,CONTI M,et al. Robust smartphone app identification via encrypted network traffic analysis[J]. IEEE Transactions on Information Forensics and Security,2018, 13(1):63-78.
[17] WANG Q,YAHYAVI A,KEMME B,et al. I know what you did on your smartphone:inferring app usage over encrypted data traffic[C]//Proceedings of the 2015 IEEE Conference on Communications and Network Security. Piscataway:IEEE,2015:433-441.
[18] Tencent. MMTLS:introduction of TLSV1.3 based Tencent security communication protocol[EB/OL].[2019-09-18]. https://github.com/WeMobileDev/article/blob/master/SUMMARY.md.
[19] Wireshark. Wireshark Web[EB/OL].[2019-01-08]. https://www.wireshark.org/.
[20] CONTI M,MANCINI L,SPOLAOR R,et al. Analyzing Android encrypted network traffic to identify user actions[J]. IEEE Transactions on Information Forensics and Security,2016,11(1):114-125.
[21] Weka. Weka3[EB/OL].[2019-01-08]. https://www.cs.waikato.ac.nz/ml/weka//.