I know what you did on your smartphone: Inferring app usage over encrypted data traffic

Wang, Qinglong; Yahyavi, Amir; Kemme, Bettina; He, Wenbo

doi:10.1109/cns.2015.7346855

Cited by 74 publications

(42 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous work dealing with encrypted traffic mostly applies ML techniques. Wang et al [17] propose a system for identifying smartphone apps from encrypted wireless traffic. ey collect data from 13 arbitrarily chosen apps by running them dynamically and training a Random Forest (RF) classifier with features from Layer 2 frames.…”

Section: Traffic Classification For App-idmentioning

confidence: 99%

Real Network Traffic Collection and Deep Learning for Mobile App Identification

Wang

Chen

2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The proliferation of mobile devices over recent years has led to a dramatic increase in mobile traffic. Demand for enabling accurate mobile app identification is coming as it is an essential step to improve a multitude of network services: accounting, security monitoring, traffic forecasting, and quality-of-service. However, traditional traffic classification techniques do not work well for mobile traffic. Besides, multiple machine learning solutions developed in this field are severely restricted by their handcrafted features as well as unreliable datasets. In this paper, we propose a framework for real network traffic collection and labeling in a scalable way. A dedicated Android traffic capture tool is developed to build datasets with perfect ground truth. Using our established dataset, we make an empirical exploration on deep learning methods for the task of mobile app identification, which can automate the feature engineering process in an end-to-end fashion. We introduce three of the most representative deep learning models and design and evaluate our dedicated classifiers, namely, a SDAE, a 1D CNN, and a bidirectional LSTM network, respectively. In comparison with two other baseline solutions, our CNN and RNN models with raw traffic inputs are capable of achieving state-of-the-art results regardless of TLS encryption. Specifically, the 1D CNN classifier obtains the best performance with an accuracy of 91.8% and macroaverage F-measure of 90.1%. To further understand the trained model, sample-specific interpretations are performed, showing how it can automatically learn important and advanced features from the uppermost bytes of an app’s raw flows.

show abstract

Section: Traffic Classification For App-idmentioning

confidence: 99%

Real Network Traffic Collection and Deep Learning for Mobile App Identification

Wang

Chen

2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Destination port 1 [24] (N+2) * (N+1)/2 from the first five packets with non-null payload of each flow given that Bernaille et al [23] found that the first five packets of a TCP connection are effective for traffic classification. [12,14,15] has shown decision tree-based models have an impressive performance in identifying mobile traffic. Therefore, we use decision treebased models as base classifiers to implement our method.…”

Section: Feature Description Numbermentioning

confidence: 99%

“…Machine Learning-Based Traffic Identification. Wang et al[12] proposed a system for identifying mobile apps. A visualization of the three-layer classifier.…”

mentioning

confidence: 99%

Identifying Known and Unknown Mobile Application Traffic Using a Multilevel Classifier

Zhao

Chen

Sun

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

Due to the proliferation of mobile applications, mobile traffic identification plays a crucial role in understanding the network traffic. However, the pervasive unconcerned apps and the emerging apps pose great challenges to the mobile traffic identification method based on supervised machine learning, since such method merely identifies and discriminates several apps of interest. In this paper we propose a three-layer classifier using machine learning to identify mobile traffic in open-world settings. The proposed method has the capability of identifying traffic generated by unconcerned apps and zero-day apps; thus it can be applied in the real world. A self-collected dataset that contains 160 apps is used to validate the proposed method. The experimental results show that our classifier achieves over 98% precision and produces a much smaller number of false positives than that of the state of the art.

show abstract

“…Several works addressed privacy threats and implications because of specific technical and usage characteristics of mobile devices. These include the typical "one app at a time" use [10], the possible privacy leakage from the use of sensors [11], location privacy [12] or, more in general, privacy in mobile environments [13]. This paper, to the best of our knowledge, is the first to deal expressly with using mobile push notifications to bind real and virtual identities.…”

Section: Privacy Implicationsmentioning

confidence: 99%

Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications

2018

View full text Add to dashboard Cite

Popular mobile apps use push notifications extensively to offer an "always connected" experience to their users. Social networking apps use them as a real-time channel to notify users about new private messages or new social interactions (e.g., friendship request, tagging, etc.). Despite the cryptography used to protect these communication channels, the strict temporal binding between the actions that trigger the notifications and the reception of the notification messages in the mobile device may represent a privacy issue. In this work, we present the push notification attack designed to bind the physical owners of mobile devices with their virtual identities, even if pseudonyms are used. In an online attack, an active attacker triggers a push notification and captures the notification packets that transit in the network. In an offline attack, a passive attacker correlates the social network activity of a user with the received push notification. The push notification attack bypasses the standard ways of protecting user privacy based on the network layer by operating at the application level. It requires no additional software on the victim's mobile device.

show abstract

I know what you did on your smartphone: Inferring app usage over encrypted data traffic

Cited by 74 publications

References 19 publications

Real Network Traffic Collection and Deep Learning for Mobile App Identification

Real Network Traffic Collection and Deep Learning for Mobile App Identification

Identifying Known and Unknown Mobile Application Traffic Using a Multilevel Classifier

Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications

Contact Info

Product

Resources

About