CD-Net：针对应用程序更新的稳健移动流量分类

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-11-20 DOI:10.1016/j.cose.2024.104214

Yanan Chen , Botao Hou , Bin Wu , Hao Hu

{"title":"CD-Net：针对应用程序更新的稳健移动流量分类","authors":"Yanan Chen , Botao Hou , Bin Wu , Hao Hu","doi":"10.1016/j.cose.2024.104214","DOIUrl":null,"url":null,"abstract":"<div><div>Mobile traffic classification (MTC) is an increasingly important domain in traffic filtering and malware detection. Existing methods have achieved good results in distribution-invariant MTC. However, as apps update rapidly and users’ update time varies, the traffic of a certain app often consists of multiple versions mixed together in the real-world network. This dynamic proportion of new-version app traffic significantly affects the performance of models, even if they have been retrained with new-version app traffic. In this paper, we propose CD-Net, a robust encrypted MTC method designed to classify the mixed traffic of multi-version apps. CD-Net is based on the few-shot framework and primarily comprises two components: the CNN part for feature extraction and the DNN part for classification. When an app is updated, the DNN part is retrained to classify the new-version app, while the CNN part remains unchanged to ensure the ability to classify the original-version app. We collected a real-world dataset to validate the effectiveness of our proposed CD-Net. Before retraining with the new-version app traffic, the accuracy of all models declined during the process of an app update. However, after retraining the DNN part with a few samples of the new-version app traffic, the F1-Score of our model remained above 93.68% throughout the app update process, while the F1-Score of the retrained state-of-the-art method dropped to 88.28%.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104214"},"PeriodicalIF":4.8000,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"CD-Net: Robust mobile traffic classification against apps updating\",\"authors\":\"Yanan Chen , Botao Hou , Bin Wu , Hao Hu\",\"doi\":\"10.1016/j.cose.2024.104214\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Mobile traffic classification (MTC) is an increasingly important domain in traffic filtering and malware detection. Existing methods have achieved good results in distribution-invariant MTC. However, as apps update rapidly and users’ update time varies, the traffic of a certain app often consists of multiple versions mixed together in the real-world network. This dynamic proportion of new-version app traffic significantly affects the performance of models, even if they have been retrained with new-version app traffic. In this paper, we propose CD-Net, a robust encrypted MTC method designed to classify the mixed traffic of multi-version apps. CD-Net is based on the few-shot framework and primarily comprises two components: the CNN part for feature extraction and the DNN part for classification. When an app is updated, the DNN part is retrained to classify the new-version app, while the CNN part remains unchanged to ensure the ability to classify the original-version app. We collected a real-world dataset to validate the effectiveness of our proposed CD-Net. Before retraining with the new-version app traffic, the accuracy of all models declined during the process of an app update. However, after retraining the DNN part with a few samples of the new-version app traffic, the F1-Score of our model remained above 93.68% throughout the app update process, while the F1-Score of the retrained state-of-the-art method dropped to 88.28%.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"150 \",\"pages\":\"Article 104214\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-11-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824005200\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005200","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

移动流量分类（MTC）是流量过滤和恶意软件检测中一个日益重要的领域。现有方法在分布不变 MTC 方面取得了良好的效果。然而，由于应用程序更新快，用户更新时间不一，在现实网络中，某个应用程序的流量往往由多个版本混合而成。这种新版本应用程序流量的动态比例会严重影响模型的性能，即使模型已经使用新版本应用程序流量进行了重新训练。在本文中，我们提出了 CD-Net，这是一种鲁棒的加密 MTC 方法，旨在对多版本应用程序的混合流量进行分类。CD-Net 基于 few-shot 框架，主要由两个部分组成：用于特征提取的 CNN 部分和用于分类的 DNN 部分。当应用程序更新时，DNN 部分会重新训练以对新版本的应用程序进行分类，而 CNN 部分则保持不变，以确保对原始版本应用程序的分类能力。我们收集了一个真实世界的数据集，以验证我们提出的 CD-Net 的有效性。在使用新版本应用程序流量重新训练之前，所有模型的准确率在应用程序更新过程中都有所下降。然而，在使用少量新版本应用程序流量样本重新训练 DNN 部分后，我们的模型在整个应用程序更新过程中的 F1 分数保持在 93.68% 以上，而重新训练的最先进方法的 F1 分数则下降到 88.28%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

CD-Net: Robust mobile traffic classification against apps updating

Mobile traffic classification (MTC) is an increasingly important domain in traffic filtering and malware detection. Existing methods have achieved good results in distribution-invariant MTC. However, as apps update rapidly and users’ update time varies, the traffic of a certain app often consists of multiple versions mixed together in the real-world network. This dynamic proportion of new-version app traffic significantly affects the performance of models, even if they have been retrained with new-version app traffic. In this paper, we propose CD-Net, a robust encrypted MTC method designed to classify the mixed traffic of multi-version apps. CD-Net is based on the few-shot framework and primarily comprises two components: the CNN part for feature extraction and the DNN part for classification. When an app is updated, the DNN part is retrained to classify the new-version app, while the CNN part remains unchanged to ensure the ability to classify the original-version app. We collected a real-world dataset to validate the effectiveness of our proposed CD-Net. Before retraining with the new-version app traffic, the accuracy of all models declined during the process of an app update. However, after retraining the DNN part with a few samples of the new-version app traffic, the F1-Score of our model remained above 93.68% throughout the app update process, while the F1-Score of the retrained state-of-the-art method dropped to 88.28%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.