WeChat payment behavior recognition model based on division of large and small burst blocks
LIANG Denggao¹, ZHOU Anmin¹, ZHENG Rongfeng², LIU Liang¹, DING Jianwei³
1. College of Cybersecurity, Sichuan University, Chengdu Sichuan 610065, China; 2. College of Electronics and Information Engineering, Sichuan University, Chengdu Sichuan 610065, China; 3. Science and Technology on Communication Security Laboratory, The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu Sichuan 610041, China
Abstract: WeChat red packet and fund transfer functions are used for illegal activities such as red packet gambling and illegal transactions. Existing research in this field has difficulty identifying the specific numbers of red packets and fund transfers sent and received in WeChat, and suffers from low recognition rates and high resource consumption. To address these problems, a method that divides traffic into large and small burst blocks to extract traffic features was proposed, so as to effectively identify red packet sending and receiving and fund transfer behaviors. Firstly, exploiting the bursty nature of red packet sending and receiving and fund transfers, a large burst time threshold was set to define the burst blocks of such behaviors. Then, because these behaviors consist of several consecutive user operations, a small burst threshold was set to further divide each traffic block into small bursts. Finally, the features of the small burst blocks within each large burst block were synthesized to obtain the final features. The experimental results show that the proposed method is generally better than existing research on WeChat payment behavior recognition in terms of time efficiency, space occupancy rate, recognition accuracy and algorithm universality, with an average accuracy rate of up to 97.58%. Test results in a real environment show that the proposed method can, for the most part, accurately identify the numbers of red packets and fund transfers sent and received by a user over a period of time.
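The two-level segmentation described in the abstract can be sketched as follows. This is an added example, not the authors' code: the threshold values, the signed-size packet representation and the feature set are all assumptions, since the abstract does not give them.

```python
from statistics import mean

# Assumed thresholds in seconds; the abstract does not state the paper's values.
LARGE_GAP = 4.0   # silence that separates two payment-like behaviors
SMALL_GAP = 0.5   # silence that separates user operations inside one behavior

def split_by_gap(packets, gap):
    """Group (timestamp, signed_size) packets; a new block starts after a silence > gap."""
    blocks = []
    for pkt in sorted(packets):
        if blocks and pkt[0] - blocks[-1][-1][0] <= gap:
            blocks[-1].append(pkt)
        else:
            blocks.append([pkt])
    return blocks

def small_burst_features(burst):
    """Per-operation features (assumed set): packet count, bytes per direction, duration."""
    up = [s for _, s in burst if s > 0]      # client -> server
    down = [-s for _, s in burst if s < 0]   # server -> client
    return {"pkts": len(burst), "up_bytes": sum(up), "down_bytes": sum(down),
            "duration": burst[-1][0] - burst[0][0]}

def large_burst_features(block, small_gap=SMALL_GAP):
    """Synthesize the small-burst features into one vector for the large burst block."""
    smalls = [small_burst_features(b) for b in split_by_gap(block, small_gap)]
    return {"n_small": len(smalls),
            "total_pkts": sum(f["pkts"] for f in smalls),
            "up_bytes": sum(f["up_bytes"] for f in smalls),
            "down_bytes": sum(f["down_bytes"] for f in smalls),
            "mean_small_duration": mean(f["duration"] for f in smalls),
            "duration": block[-1][0] - block[0][0]}

def extract(packets, large_gap=LARGE_GAP, small_gap=SMALL_GAP):
    """One feature vector per large burst block, ready for a recognition model."""
    return [large_burst_features(b, small_gap) for b in split_by_gap(packets, large_gap)]

# Constructed sample trace: (seconds, signed bytes); positive = uplink.
SAMPLE = [(0.00, 310), (0.05, -1200), (0.10, -800),   # operation 1
          (1.20, 450), (1.25, -600),                   # operation 2
          (2.40, 200), (2.45, -1500), (2.50, 90),      # operation 3
          (12.00, 300), (12.04, -700)]                 # separate behavior

if __name__ == "__main__":
    for vec in extract(SAMPLE):
        print(vec)
```

Counting the large burst blocks that the model labels as a given behavior is what yields the per-user counts over a period of time.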
LIANG Denggao, ZHOU Anmin, ZHENG Rongfeng, LIU Liang, DING Jianwei. WeChat payment behavior recognition model based on division of large and small burst blocks[J]. Journal of Computer Applications, 2020, 40(7): 1970-1976.