
URL: https://pubmed.ncbi.nlm.nih.gov/31373286/

Hierarchical Identifier: Application to User Privacy Eavesdropping on Mobile Payment App - PubMed


Abstract

Mobile payment apps have been widely adopted, which brings great convenience to people's lives. However, at the same time, users' privacy may be eavesdropped on and maliciously exploited by attackers. In this paper, we consider a possible way for an attacker to monitor people's privacy on a mobile payment app, where the attacker aims to identify the user's financial transactions at the trading stage by analyzing the encrypted network traffic. To achieve this goal, a hierarchical identification system is established, which can acquire users' privacy information in three different manners. First, it identifies the mobile payment app from traffic data, then classifies specific actions on the mobile payment app, and finally, detects the detailed steps within the action. In our proposed system, we extract reliable features from the collected traffic data generated on the mobile payment app, then use a series of well-performing ensemble learning strategies to deal with the three identification tasks. Compared with prior works, the experimental results demonstrate that our proposed hierarchical identification system performs better.

Keywords: financial transaction action; mobile payment app; privacy security; traffic identification.

Conflict of interest statement

The authors declare no conflict of interest.

Figures

๐Ÿ‘ Figure 1
Figure 1
Packet time series distribution of user actions on the Alipay app.
๐Ÿ‘ Figure 2
Figure 2
Hierarchical identification system.
๐Ÿ‘ Figure 3
Figure 3
Configuration environment of traffic mirroring.
๐Ÿ‘ Figure 4
Figure 4
The confusion matrix on action identification using the AdaBoost algorithm.
๐Ÿ‘ Figure 5
Figure 5
The confusion matrix on step identification using the AdaBoost algorithm, where each step index refers to Table 1.
