Mobile SDNs: Associating End-User Commands with Network Flows in Android Devices
Shuwen Liu, Craig A. Shue, Joseph P. Petitti, Yunsen Lei, Yu Liu
IET Communications, vol. 19, no. 1. Journal Article. Published 2025-05-10.
DOI: 10.1049/cmu2.70047
Article: https://onlinelibrary.wiley.com/doi/10.1049/cmu2.70047
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/cmu2.70047
Impact factor: 1.5. JCR: Q3 (Engineering, Electrical & Electronic). Category: Computer Science.
Citations: 0
Abstract
Mobile devices pose several distinct challenges from a security perspective. First, they have varied and ephemeral network connections, often using a cellular provider network as a backup option when connectivity is not available via wireless local access networks. This varied network connectivity makes it difficult to comprehensively deploy in-network solutions, such as firewalls or intrusion detection systems, since they would have to be active in every network the device would use. Second, with personally owned devices, the device owner may have security goals and privacy priorities that are distinct from those of organizations that provide connectivity or data assets, such as employers or schools. These complex relationships may complicate efforts to protect the devices. This paper explores a technique that runs on the mobile device endpoints to learn about the usage patterns associated with the device, in order to enforce network policy. We explore sensors that examine the mobile device's user interface, using physical inputs via finger taps, and that link them with the network activity on the device. We incorporate allow-list policies that can be provided by organizations to make on-device access control decisions. Using IP address and DNS host name allow-lists as a baseline, we explore the accuracy of interface-aware allow-lists. We find the interface-aware allow-lists can reach over 98.5% accuracy, even when user-specified destinations are used, greatly exceeding the baseline accuracy. Our performance evaluation indicates our approach introduces a median of 3.87 ms of overall delay with low CPU usage.
About the journal:
IET Communications covers fundamental and generic research aimed at a better understanding of communication technologies, harnessing signals to build better-performing communication systems over various wired and/or wireless media. The journal is particularly interested in research papers reporting novel solutions to the dominating problems of noise, interference, timing and errors, in order to reduce system deficiencies such as the waste of scarce resources like spectra, energy and bandwidth.
Topics include, but are not limited to:
Coding and Communication Theory;
Modulation and Signal Design;
Wired, Wireless and Optical Communication;
Communication System
Special Issues. Current Call for Papers:
Cognitive and AI-enabled Wireless and Mobile - https://digital-library.theiet.org/files/IET_COM_CFP_CAWM.pdf
UAV-Enabled Mobile Edge Computing - https://digital-library.theiet.org/files/IET_COM_CFP_UAV.pdf