Chunwei Tian,Qi Zhang,Guanglu Sun

DOI: https://doi.org/10.2991/icadme-16.2016.104

2016-01-01

Abstract:Wechat is a popular social platform developed in 2011 by Tencent. In this paper wechat traffic is analyzed by a novel hybrid method, which combines statistical method, payload-based method, SVM, CRC and deep learning. Firstly, the statistical method is utilized to extract features from wechat packets header, which can classify different wechat applications and functions, e.g. texts, images and voice, and so on. Secondly, payload-based method is used to identify the traffic, which is corresponding to the above functions and application protocols. Thirdly, SVM is applied to categorize the texts based on their attributes. CRC method is used to classify the images, which effectively protects the user's privacy. Finally, deep learning is presented to extract features of wechat app in order to check the malicious software. Experimental results show that, the proposed method has high accuracy for wechat traffic. It not only identifies wechat app, but also detects the specific functions of app. It even discriminates texts, images, voice and malicious software effectively.

Qiang Zhang,Ming Xu,Ning Zheng,Tong Qiao,Yaru Wang

DOI: https://doi.org/10.3390/info11010018

2019-01-01

Information

Abstract:Attackers can eavesdrop and exploit user privacy by classifying traffic into different types of in-app service usage to identify user actions. WeChat is the largest social messaging platform, which is a popular application in China. When WeChat is shut down, it is unable to generate traffic; that is, traditional traffic. However, the traffic still can be generated by system. How to identify the message types within WeChat with traffic generated by a system instead of traditional traffic becomes a new challenge. To deal with this challenge, we designed a system to identify and analyze the traffic of the Apple Push Notification service (APNs) to identify the message types of WeChat. In detail, we designed a system to identify and analyze the traffic of the APNs. First, the system clusters the traffic based on the session and divides it into multiple bursts. Then, it extracts the features of each burst and sends these features to the learning-based classifier to extract APNs’s traffic from the background traffic. Finally, it uses a hash-based lookup table method to analyze message types from APNs traffic. Extensive evaluation results show that we can accurately identify the six message types of APN and WeChat. In addition, we propose two coping strategies for the method proposed in this article.

C. W. Tian,G. L. Sun,S. X. Zhu,Q. Zhang

2017-01-01

Abstract:The deep learning method can not only adaptively extract features and classify traffic, but it also has high accuracy. Consequently, it has been widely applied in image processing, voice processing and text processing, etc. In this paper, our proposed novel method has two phases. The first phase uses deep learning to extract features of WeChat, which achieves satisfactory performance. The second phase uses a method based on network flow characteristics recognise WeChat traffic, which is complementary with the deep learning method and can further improve accuracy. Our proposed novel method has the following main merits. First, it has excellent performance for Transmission Control Protocol (TCP)connection WeChat. Second, it is simple and easy to implement on WeChat recognition, which has better applicability. Then, our proposed method can automatically study and extract features of WeChat, without the need for any manual setting. Finally, it can recognise WeChat specific business, i.e. text messages and voice messages, etc. To better show the performance of the proposed method, we conducted some experiments on different platforms, iOS, android and web of windows.

Qun Huang,Patrick P. C. Lee,Caifeng He,Jianfeng Qian,Cheng He

DOI: https://doi.org/10.1109/iwqos.2015.7404750

2015-01-01

Abstract:WeChat is one of the most popular mobile messaging applications worldwide. However, due to the proprietary nature of WeChat, its characteristics and performance impact on cellular networks remain largely unexplored. This paper presents the first measurement study that dissects real-world WeChat traffic in a cellular network. We build ChatDissect, a protocol inference tool that infers the unique protocol formats and semantics of WeChat in a fine-grained manner. ChatDissect enables us to distinguish WeChat and its specific tasks from general network traffic traces. As a case study, we collect a real-world dataset from a commercial 3G cellular network in China and use ChatDissect to identify around 150K WeChat users with 16GB of WeChat payloads. We unveil the signatures, server architecture, and workflows of WeChat, and further analyze the activities of the extracted WeChat traffic.

Shurong Lin,Wenli Zhou,Jun Liu

DOI: https://doi.org/10.1109/ihmsc.2016.63

2016-01-01

Abstract:In this paper, we extract the characteristics of WeChat traffic and propose approaches to identify WeChat traffic in cellular data network. WeChat communication mechanisms are discussed. The traffic and usage pattern of Video Call service provided by WeChat are studied from massive traffic data using Spark, differently from previous methods. We analyze the features of WeChat Video Call service, a Voice over Internet Protocol (VoIP) application in three aspects, which are (i) daily/weekly usage pattern, (ii) traffic/usage distribution, (iii) conversation time distribution. Our analysis has two important features. Firstly, the massive mobile subscriber data we used in our experiments was collected from a commercial Internet Service Provider (ISP) covering an entire province in Northern China ensuring that the results reflect the real characteristics of service in question in cellular network. Secondly, we investigate that the WeChat Video Call usage times fit with the power law distribution. Our results are important for cellular network operators and service providers to realize WeChat traffic identification methods and user behavior of Video Call, which imply information for optimization of their services.

Yuhang Shan,Guang Cheng,Zihan Chen

DOI: https://doi.org/10.1109/msn60784.2023.00128

2023-01-01

Abstract:Smartphones and mobile Internet development have promoted the rise of short video applications. Douyin, the most popular short video application in China, has very complex in-app functions. Due to users’ need for privacy protection, encryption protocols are widely used. But it also makes it difficult to supervise malicious user behaviors. The encrypted traffic of Douyin user behaviors has the characteristics of a small sample and instantaneity. It is easy to be covered by the huge background traffic, which brings challenges to the research of Douyin user behavior identification. To solve this problem, we first proposed an automated method for labeling encrypted traffic of Douyin user behaviors based on multistage packet filtration technology, which can improve labeling efficiency and sample purity. Secondly, we propose a multi-layer identification method to identify Douyin user behaviors. Specifically, we first analyze the global and local characteristics of Douyin traffic to identify user behavior flows. Then, the user behavior flow is segmented into packet subsequences based on the local burstiness of the user behavior traffic. Finally, we extract the features of subsequences to identify Douyin user behaviors. The results can achieve an average of 0.980 precision, 0.966 recall, and 0.971 f1-score.

Yu Cheng,Xiaofang Qi,Yanhui Li,Yumeng Wang

DOI: https://doi.org/10.1016/j.cose.2024.104117

IF: 5.105

2025-01-01

Computers & Security

Abstract:Recently, red packets have appeared widely in various mobile apps. Related security issues like fraud are gradually coming into the public eye. As a new means of fraud, red packet fraud has not yet been explored or addressed. In this paper, based on our empirical study on red packets, we propose a novel approach ReckDroid for red packet fraud detection. Our approach adopts a heuristic algorithm to identify red packets and then detects red packet fraud by analyzing the network traffic dynamically generated during the automated exploration of mobile apps. Our experiments are performed on hundreds of labeled real-world apps. Experimental results show that ReckDroid identifies red packets with a precision of 98.0% and a recall of 93.3%, and detects red packet fraud with a precision of 88.6% and a recall of 92.5%. By applying ReckDroid to over 1000 Android apps in the wild, we find that apps with red packets account for 17.6% of apps from seven app markets (including Google Play) while red packet fraud mainly occurs in Chinese app markets.

Yuan Yuan,Tracy Xiao Liu,Chenhao Tan,Jie Tang

DOI: https://doi.org/10.48550/arXiv.1712.02926

2017-12-08

Abstract:Gift giving is a ubiquitous social phenomenon, and red packets have been used as monetary gifts in Asian countries for thousands of years. In recent years, online red packets have become widespread in China through the WeChat platform. Exploiting a unique dataset consisting of 61 million group red packets and seven million users, we conduct a large-scale, data-driven study to understand the spread of red packets and the effect of red packets on group activity. We find that the cash flows between provinces are largely consistent with provincial GDP rankings, e.g., red packets are sent from users in the south to those in the north. By distinguishing spontaneous from reciprocal red packets, we reveal the behavioral patterns in sending red packets: males, seniors, and people with more in-group friends are more inclined to spontaneously send red packets, while red packets from females, youths, and people with less in-group friends are more reciprocal. Furthermore, we use propensity score matching to study the external effects of red packets on group dynamics. We show that red packets increase group participation and strengthen in-group relationships, which partly explain the benefits and motivations for sending red packets.

Social and Information Networks,Computers and Society,Human-Computer Interaction,Multimedia,Econometrics

Junming Liu,Yanjie Fu,Jingci Ming,Yong Ren,Leilei Sun,Hui Xiong

DOI: https://doi.org/10.1145/3097983.3098049

2017-01-01

Abstract:The mobile in-App service analysis, aiming at classifying mobile internet traffic into different types of service usages, has become a challenging and emergent task for mobile service providers due to the increasing adoption of secure protocols for in-App services. While some efforts have been made for the classification of mobile internet traffic, existing methods rely on complex feature construction and large storage cache, which lead to low processing speed, and thus not practical for online real-time scenarios. To this end, we develop an iterative analyzer for classifying encrypted mobile traffic in a real-time way. Specifically, we first select an optimal set of most discriminative features from raw features extracted from traffic packet sequences by a novel M aximizing I nner activity similarity and M inimizing D ifferent activity similarity (MIMD) measurement. To develop the online analyzer, we first represent a traffic flow with a series of time windows, which are described by the optimal feature vector and are updated iteratively at the packet level. Instead of extracting feature elements from a series of raw traffic packets, our feature elements are updated when a new traffic packet is observed and the storage of raw traffic packets is not required. The time windows generated from the same service usage activity are grouped by our proposed method, namely, recursive time continuity constrained KMeans clustering (rCKC). The feature vectors of cluster centers are then fed into a random forest classifier to identify corresponding service usages. Finally, we provide extensive experiments on real-world Internet traffic data from Wechat, Whatsapp, and Facebook to demonstrate the effectiveness and efficiency of our approach. The results show that the proposed analyzer provides high accuracy in real-world scenarios, and has low storage cache requirement as well as fast processing speed.

Xiaoxian Chen,Zhenlong Yuan,Yibo Xue

DOI: https://doi.org/10.1109/iccnc.2014.6785437

2014-01-01

Abstract:Tencent QQ is the most popular instant message communication tool in China, which has more than 780 million users and thus generates huge traffic on the Internet. However, due to its proprietary protocol and encryption mechanism, it is very hard to identify QQ traffic at a fine-grained flow level. To solve this issue, this paper proposes a novel identification method, which uses a Payload and Behavior Combination (PBC) technology. PBC combines the packet payload characteristics with behavior characteristics existing in the QQ communication process. The experimental results show that PBC has a good identification accuracy in dealing with QQ traffic.

Muhammad Shafiq,Xiangzhan Yu,Asif Ali Laghari,Lu Yao,Nabin Kumar Karn,Foudil Abdesssamia,Salahuddin

DOI: https://doi.org/10.1109/icitcs.2016.7740379

2016-01-01

Abstract:In this era of information technology, network traffic classification is a very important and hot topic from the perspective of network security and management due to substantial use of dynamic applications. Numerous research models have been proposed in network traffic classification to classify different types of applications and achieve significant accuracy results. However, no work has been done to classify WeChat messages flow traffic. WeChat is a free instant messaging application. Hence, it is very important to classify WeChat text messages traffic. In this paper, we classify WeChat messages flows traffic using two different data sets, which are first captured using Wireshark tool from two different locations network environments, Harbin Institute of Technology Lab and Jinyuan Hotel and then 50 features are extracted from captured traffic. After that four machine learning algorithms SVM, C4.5, Bayes Net and nalve Byes are applied to classify the WeChat text messages traffic. Experimental results show that all classifiers give very high accuracy results using two different data sets. Using Jinyuan data set SVM and C4.5 decision tree algorithm give 100% accuracy result as compared to Bayes Net and Naive Bayes algorithm and using Harbin Institute of Technology Lab data set all classifiers give 99.7% high accuracy results.

Kamal Abubker Abrahim Sleiman,Juanli Lan,Xiangyu Cai,Yubo Wang,Hongzhen Lei,Ru Liu

DOI: https://doi.org/10.1007/978-3-030-78811-7_53

2021-01-01

Abstract:WeChat has become an essential social media platform in China. This research investigates the importance of the WeChat Red packet as a motivator at achieving user’s satisfaction and loyalty in China. To investigate its impact, and factors that attribute to its popularity and acceptability, we extended technology acceptance model (TAM), in addition to the main model factors, “perceived usefulness and perceived ease of use” our proposed model include, perceived trust, perceived security, and perceived entertainment. The questionnaire was designed, and SPSS was used for the analysis. The research results provide insight into how WeChat Red Packet can motivate users and build their satisfaction to improve their loyalty which in turn increases WeChat users’. These results have future implication and practice for research.

Yaru Wang,Ning Zheng,Ming Xu,Tong Qiao,Qiang Zhang,Feipeng Yan,Jian Xu

DOI: https://doi.org/10.3390/s19143052

2019-07-11

Abstract:Mobile payment apps have been widely-adopted, which brings great convenience to people's lives. However, at the same time, user's privacy is possibly eavesdropped and maliciously exploited by attackers. In this paper, we consider a possible way for an attacker to monitor people's privacy on a mobile payment app, where the attacker aims to identify the user's financial transactions at the trading stage via analyzing the encrypted network traffic. To achieve this goal, a hierarchical identification system is established, which can acquire users' privacy information in three different manners. First, it identifies the mobile payment app from traffic data, then classifies specific actions on the mobile payment app, and finally, detects the detailed steps within the action. In our proposed system, we extract reliable features from the collected traffic data generated on the mobile payment app, then use a series of well-performing ensemble learning strategies to deal with three identification tasks. Compared with prior works, the experimental results demonstrate that our proposed hierarchical identification system performs better.

Gaofeng He,Bingfeng Xu,Lu Zhang,Haiting Zhu

DOI: https://doi.org/10.1177/1550147718817292

IF: 1.938

2018-12-01

International Journal of Distributed Sensor Networks

Abstract:Mobile application (simply “app”) identification at a per-flow granularity is vital for traffic engineering, network management, and security practices. However, uncertainty is caused by a growing fraction of encrypted traffic such as Hypertext Transfer Protocol Secure. To address this challenge, we have carefully analyzed mobile app traffic (mainly including Domain Name System, Hypertext Transfer Protocol, and encrypted traffic such as Secure Sockets Layer and Transport Layer Security) and observed that (1) the sets of server hostnames queried by different apps are distinguishable; (2) mobile apps may query multiple server hostnames simultaneously, that is, apps may send several Domain Name System lookups within a short time interval; and (3) the encrypted traffic may be similar to various other network flows generated by the same app. Based on these three observations, in this article, we propose a novel app identification methodology for encrypted network flows. To be specific, temporal, lexical, and metadata similarity are investigated to select correlated traffic and information retrieving techniques are adopted to identify apps. We ran a thorough set of experiments to assess the performance of the proposed approaches. The experimental results show that the identification accuracy can be as high as 95%, and the proposed methods have low storage requirements as well as fast training speeds.

computer science, information systems,telecommunications

Xin Wang,Shuhui Chen,Jinshu Su

DOI: https://doi.org/10.1109/infocomwkshps50562.2020.9162891

2020-01-01

Abstract:With the exponential growth of mobile traffic data, mobile traffic classification is in a great need. It is an essential step to improve the performance of network services such as QoS and security monitoring. However, the widespread use of encrypted protocols, especially the TLS protocol, has posed great challenges to traditional traffic classification techniques. As the rule-based deep packet inspection approaches are ineffective for encrypted traffic classification, various machine learning methods have been studied and used. Recently, deep learning solutions which enable automatic feature extraction are also proposed to classify encrypted traffic. In this paper we propose App-Net, an end-to-end hybrid neural network, to learn effective features from raw TLS flows for mobile app identification. App-Net is designed by combining RNN and CNN in a parallel way. So that it can learn a joint flow-app embedding to characterize both flow sequence patterns and unique app signatures. We evaluate App-Net on a real-world dataset that covering 80 apps. The results show that our method can achieve an excellent performance and outperform the state-of-the-art methods.

Tiru Wu,Xi Xiao,Qing Li,Qixu Liu,Guangwu Hu,Xiapu Luo,Yong Jiang

DOI: https://doi.org/10.1109/secon58729.2023.10287511

2023-01-01

Abstract:With the increasing popularity of encryption pro-tocols in application and the rapid development of network applications, traffic classification has become a major challenge for mobile service providers. The failure of traditional classification methods and low classification accuracy are the problems that need to be solved urgently in traffic classification research. Therefore, we propose the scheme of BehavSniffer to sniff user behaviors from the encrypted traffic. The core idea is to propose Traffic Burst Graph (TBG) for extracting multidimensional features from bidirectional interactive data flows, and do feature fusion based on Kernel Principal Component Analysis (KPCA) and Deep Neural Network (DNN). In this way, BehavSniffer can learn both high and low-order combined structural features from traffic patterns of user behavior. Meanwhile, we propose the user behavior dataset, named WWT, from three widely used social media applications (WeChat, WhatsApp, Telegram). Experimental results show that BehavSniffer outperforms stateof-the-art methods, with AUC of 0.987 and accuracy of 99.8%, respectively.

Muhammad Shafiq,Xiangzhan Yu,Asif Ali Laghari

DOI: https://doi.org/10.1504/ijics.2018.10012574

2018-01-01

Abstract:In this research paper, we present the first classification study to classify WeChat application service flow traffic (text messages, picture messages, audio call and video call traffic) classification and secondly to find out the effectiveness of big dataset and small dataset as well as to find out effective machine learning classifiers. We firstly capture WeChat traffic and then extract 44 features then we combine capture traffic to make full instance of dataset. Then we make reduce instances of dataset from the full instance of dataset to show the effectiveness of large dataset and small dataset. Then we execute well known machine learning classifiers. Using statistical test, we use Wilcoxon and Friedman statistical test for the datasets and ML classifiers to find more deeply its effectiveness. Experimental results show that reduce instance dataset show high accuracy result compared to full instance and C4.5 classifier perform effectively as compared to other classifiers.

Qian Zhang,Jun Li,Shanyong Wang,Yu Zhou

DOI: https://doi.org/10.1109/ACCESS.2018.2888576

IF: 3.9

2019-01-01

IEEE Access

Abstract:As a new social phenomenon occurring during the Spring festival in recent years in China, snatching "WeChat red envelopes" fever has swept the country. The high popularity of WeChat red envelopes is unusually interesting because of individual's behavior reflects a trade-off between concerns for the economic consequences and the psychological consequences. Why people prefer to WeChat red envelopes rather than cash envelopes, even when the latter delivery higher economic benefits? Understanding some of the rules governing customer's decision making that affect their preferences regarding the WeChat online red envelopes activities is meaningful. This paper documents the motivations of people for receiving and giving WeChat red envelopes. It constructs and tests four hypotheses to explore these motivations. Three studies are then conducted, which show that the individual's motivations to snatch red envelopes are influenced by luck-chasing preference, mental accounting effect, motivating-uncertainty effect, and reference dependence. Specifically, individuals tend to pay more attention to the psychological consequences than that to the economic consequences of snatching WeChat red envelopes. Based on these results, theoretical and practical implications are provided.

Chong Xiang,Qingrong Chen,Minhui Xue,Haojin Zhu

DOI: https://doi.org/10.1109/GLOCOM.2018.8647508

2018-01-01

Abstract:As smart phones gradually become the dominant network traffic generators, app traffic analysis methods have gained great interests for network management and targeted advertisement. Specifically, previous works have shown that the scalability of app inference via traffic meta-data has the edge over traditional payload based analysis. However, such works mainly considered the ideal inference scenario where only one app is running on the client's device, without any background traffic noise interfered. In this paper, we extend the research to a more practical scenario, by assuming that multiple apps simultaneously run on a smart phone in the noisy background with complex traffic generated by the operating system. To that end, we propose APPCLASSIFIER, an Android app fingerprinting scheme for real-time app inference. We first leverage the observed differences in packet size distributions and traffic sequential behaviors to boost inference accuracy for noise-free traffic analysis. We then propose novel heuristic based methods to re-correct mislabeled traffic flows to realize real-time traffic inference. As a result, APPCLASSIFIER achieves inference accuracy of 823% for noise-free traffic analysis and reduces error rate from 66.7% to 36.4% for real-time traffic inference.

Zhongkai Zhang,Lei Liu,Xudong Lu,Zhongmin Yan,Hui Li

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom51426.2020.00114

2020-01-01

Abstract:With the growing number of the network based applications, the quality and usability of various applications require distinguished requirements in light of network performance. The Internet is a vast network of independently-managed networks. The traffic is heterogeneous and consists of flows from multiple applications. For the sake of Internet governance, identifying who is who has become an impressing demand. The purpose of Internet governance is to properly distinguish the demands across the limited recourse. Traffic classification is the very beginning that helps identify who and how much the application requires. Hence, the classification and identification of encrypted traffic has drawn much research attention. Compare to the traditional methods such as port-based methods and payload-based methods, this study establishes a two-stage traffic classification framework based on convolutional neural network. Experimental results suggest that the developed method has a good degree of traffic classification subject to fewer bytes in the packet.