[연구소식] 보안공학 연구실, The Web Conference (WWW) 2023 논문 게재 승인
- 성균관대 SW중심대학사업단
- 조회수651
- 2023-01-31
보안공학 연구실, The Web Conference (WWW) 2023 논문 게재 승인
보안공학 연구실(지도교수: 김형식, https://seclab.skku.edu)의 오상학 학생(박사과정)과 김형식 교수(교신저자)가 진행한 “AppSniffer: Towards Robust Mobile App Fingerprinting Against VPN” 논문이 웹/데이터 마이닝 분야 최우수 학회 The Web Conference (WWW) 2023 (https://www2023.thewebconf.org) (BK IF=4)에 게재 승인되었고, 2023년 4월미국텍사스에서발표될예정입니다.
본 논문은 기존 모바일 앱 핑거프린팅 시스템들이 VPN 기술을 통해 쉽게 우회될 수 있는 한계점을 실험을 통해 제시하고, 이를 보완하기 위해 새로운 모바일 앱 핑거프린팅 시스템인 AppSniffer를 제안합니다. AppSniffer는 모바일 앱 트래픽이 VPN 환경에서 생성되었더라도 이를 분석하여 특징점을 추출하고, 앙상블 모델링을 통해 최종적으로 모바일 앱 핑거프린팅을 수행할 수 있도록 설계되었습니다. 본 논문에서는 100개의 모바일 앱 트래픽을 일반 환경과 VPN 환경에서 수집하였고, 이를 기반으로 실험을 통해 AppSniffer가 모든 환경(일반/VPN 환경)에서 모바일 앱 핑거프린팅을 수행할 수 있음을 보임으로써 VPN traffic에 robust함을 보여주었습니다.
[논문 정보]
Sanghak Oh, Minwook Lee, Hyunwoo Lee, Elisa Bertino, and Hyoungshick Kim. AppSniffer: Towards Robust Mobile App Fingerprinting Against VPN” In Proceedings of the ACM 32nd Web Conference: WWW 2023, Austin, USA, 2023
Abstract: Application fingerprinting is a useful data analysis technique for network administrators, marketing agencies, and security analysts. For example, an administrator can adopt application fingerprinting techniques to determine whether a user's network access is allowed. Several mobile application fingerprinting techniques (e.g., Flowprint, AppScanner, and ET-BERT) were recently introduced to identify applications using the characteristics of network traffic. However, we find that the performance of the existing mobile application fingerprinting systems significantly degrades when a virtual private network (VPN) is used. To address such a shortcoming, we propose a framework dubbed AppSniffer that uses a two-stage classification process for mobile app fingerprinting. In the first stage, we distinguish VPN traffic from normal traffic; in the second stage, we use the optimal model for each traffic type. Specifically, we propose a stacked ensemble model using Light Gradient Boosting Machine (LightGBM) and a FastAI library-based neural network model to identify applications' traffic when a VPN is used. To show the feasibility of AppSniffer, we evaluate the detection accuracy of AppSniffer for 100 popularly used Android apps. Our experimental results show that AppSniffer effectively identifies mobile applications over VPNs with F1-scores between 80.71% and 92.66% across four different VPN protocols. In contrast, the best state-of-the-art method (i.e., AppScanner) demonstrates significantly lower F1-scores between 31.69% and 48.22% in the same settings. Overall, when normal traffic and VPN traffic are mixed, AppSniffer achieves an F1-score of 88.52%, which is significantly better than AppScanner that shows an F1-score of 73.93%.
김형식 | hyoung@skku.edu | 보안공학 Lab. | http://seclab.skku.edu/