Citation: DAI X L, CHENG G, LU G Y, et al. Tethering behavior detection architecture based on RTT measurement of TCP flows[J]. Journal of Beijing University of Aeronautics and Astronautics, 2023, 49(6): 1414-1423 (in Chinese). doi: 10.13700/j.bh.1001-5965.2021.0463
Tethering is the sharing of an Internet connection with other connected devices by using a mobile smart device as a NAT gateway. It shares the smartphone's data plan, especially an unlimited data plan, so it can put ISPs under additional pressure in operating the mobile Internet and affect their revenue. Like Network Address Translation (NAT), it hides the internal network structure from the public network, and it also makes it possible for illegal devices to gain access anonymously. Because tethering detection is subject to many limitations and circumvention methods, existing NAT detection technology has difficulty detecting tethering behavior. We examine how tethering terminal devices process and forward data traffic in mobile Internet base station communication, and analyze the relevant characteristics of RTT in TCP flows in mobile Internet traffic. We then propose a tethering detection method based on unsupervised analysis of RTT in TCP flows and construct a test network environment for it. The experimental results verify the effectiveness of the method and show that tethering behavior in the mobile Internet can be detected effectively by passive network traffic monitoring, with an accuracy of 97.50%.
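The following is an added sketch of passive, unsupervised RTT analysis of TCP flows; it is not the paper's algorithm or code. It assumes the monitor measures the SYN-ACK-to-ACK handshake delay toward the subscriber, that tethered clients appear as a second RTT mode under the same subscriber address, and that 1-D mean shift is the clustering step; the packet tuple layout, thresholds, and sample data are constructed.

```python
from collections import defaultdict

def handshake_rtts(packets):
    """Per subscriber: ms between a SYN-ACK and the client's ACK, as seen at the monitor."""
    synack, rtts = {}, defaultdict(list)
    for ts, sub, flow, kind in sorted(packets):
        key = (sub, flow)
        if kind == "SYNACK":
            # A retransmitted SYN-ACK makes the sample ambiguous, so the flow is dropped.
            synack[key] = None if key in synack else ts
        elif kind == "ACK" and synack.get(key) is not None:
            rtts[sub].append(ts - synack.pop(key))
    return rtts

def mean_shift_modes(values, bandwidth, iters=50):
    """1-D mean shift with a flat kernel; returns sorted (mode_center, sample_count)."""
    modes = []
    for x in values:
        for _ in range(iters):
            window = [v for v in values if abs(v - x) <= bandwidth]
            shifted = sum(window) / len(window)
            if abs(shifted - x) < 1e-6:
                break
            x = shifted
        for m in modes:                      # merge with a mode already found nearby
            if abs(m[0] - x) <= bandwidth:
                m[1] += 1
                break
        else:
            modes.append([x, 1])
    return sorted((round(c, 1), n) for c, n in modes)

def flag_tethering(packets, bandwidth_ms=5.0, min_flows=3):
    """Subscribers whose handshake RTTs form two or more well-populated modes."""
    flagged = {}
    for sub, rtts in handshake_rtts(packets).items():
        modes = [m for m in mean_shift_modes(rtts, bandwidth_ms) if m[1] >= min_flows]
        if len(modes) >= 2:
            flagged[sub] = modes
    return flagged

def flow_pkts(sub, flow, t0, rtt):           # constructed handshake: (ts_ms, sub, flow, kind)
    return [(t0, sub, flow, "SYNACK"), (t0 + rtt, sub, flow, "ACK")]

# Constructed sample: 10.0.0.5 shows two RTT groups, 10.0.0.9 one plus a retransmission.
SAMPLE = [p for i, r in enumerate([29, 30, 31, 41, 42, 43]) for p in flow_pkts("10.0.0.5", i, 1000 * i, r)]
SAMPLE += [p for i, r in enumerate([29, 30, 31, 32]) for p in flow_pkts("10.0.0.9", i, 1000 * i + 7, r)]
SAMPLE += [(9000, "10.0.0.9", 99, "SYNACK"), (10000, "10.0.0.9", 99, "SYNACK"), (10030, "10.0.0.9", 99, "ACK")]

print(flag_tethering(SAMPLE))
```

The bandwidth sets how far apart two RTT groups must be to count as separate modes, and `min_flows` keeps a single outlier handshake from flagging a subscriber.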