Abstract
Mobile payment apps have been widely-adopted, which brings great convenience to people’s lives. However, at the same time, user’s privacy is possibly eavesdropped and maliciously exploited by attackers. In this paper, we consider a possible way for an attacker to monitor people’s privacy on a mobile payment app, where the attacker aims to identify the user’s financial transactions at the trading stage via analyzing the encrypted network traffic. To achieve this goal, a hierarchical identification system is established, which can acquire users’ privacy information in three different manners. First, it identifies the mobile payment app from traffic data, then classifies specific actions on the mobile payment app, and finally, detects the detailed steps within the action. In our proposed system, we extract reliable features from the collected traffic data generated on the mobile payment app, then use a series of well-performing ensemble learning strategies to deal with three identification tasks. Compared with prior works, the experimental results demonstrate that our proposed hierarchical identification system performs better.
Highlights
With the rapid popularization of the smartphone and mobile E-commerce, mobile payment apps have advanced tremendously as an innovative payment style
We propose a hierarchical identification system that is capable of dealing with three different identification tasks, from app identification to actions on the payment app, to steps within the action
We mainly focus on the performance evaluation of user action identification on different apps, such as Alipay or WeChat
Summary
With the rapid popularization of the smartphone and mobile E-commerce, mobile payment apps have advanced tremendously as an innovative payment style. An adversary may acquire a user’s information (such as what type of app is used, or what action is executed, or even specific steps of the action) by analyzing the encrypted traffic from the mobile payment app. Traditional traffic analysis, such as the port-based method in Refs. In this paper, we develop a hierarchical identification system to classify the widely-used financial transaction actions and steps of mobile payment apps via encrypted network traffic.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have