FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Ede, Thijs Sebastiaan van; Bortolameotti, Riccardo; Continella, Andrea; Ren, Jingjing; Dubois, Daniel J.; Lindorfer, Martina; Choffnes, David; Steen, Maarten van; Andreas, Peter

doi:10.14722/ndss.2020.24412

Cited by 142 publications

(79 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many works have proposed a number of methods to identify the application associated with a traffic flow [79,103]. [31] Android application classification 2016 Taylor et al [146] Android application classification 2016 Lopez et al [94] IoT traffic classification 2017 Taylor et al [147] Android application classification 2018 Aceto et al [26] Mobile application classification 2018 Aceto et al [27] Mobile application classification 2019 Aiolli et al [30] Identification of user activities on smartphone-based Bitcoin wallet apps 2019 Yao et al [168] IoT traffic classification 2019 Ede et al [151] Mobile application classification 2020 Coull et al [54] Application Usage Identification however, assuming unencrypted packet payloads is not a realistic scenario in the present. The research community has investigated other ways to extract meaningful, side-channel information (packet-or network-level) that is able to be expressed into signatures.…”

Section: Network Traffic Processing and Inspectionmentioning

confidence: 99%

“…Their proposed work eliminates the process of manually selecting traffic features. FLOWPRINT [151] offers mobile application identification by analyzing the network traffic. It introduces an approach for application fingerprinting by combining destination-based clustering, browser isolation, and pattern recognition (in a semi-supervised manner).…”

Section: Protocol/application Identificationmentioning

confidence: 99%

“…In the category of application identification and classification, Yao et al [168] used the USTC-TFC2016 dataset [12] that among others contains network traffic from BitTorrent, Facetime, Gmail, and Skype. Ede et al [151] used the Recon dataset [14], which consists of labeled network traces of 512 Android apps from the Google Play Store, including multiple versions for over a period of 8 years.…”

Section: Datasetsmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

2021

View full text Add to dashboard Cite

The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.

show abstract

Section: Network Traffic Processing and Inspectionmentioning

confidence: 99%

Section: Protocol/application Identificationmentioning

confidence: 99%

Section: Datasetsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

2021

View full text Add to dashboard Cite

show abstract

“…For instance, AppScanner [40] used a flow-based detection approach that extracts side-channel features from the packet header and computes statistical features to train a machine learning model for mobile app classification. As apps use CDNs or shared services, similar flow characteristics will be observed, thus confusing the classification model [40,41,44]. Examples of shared services include crash analytics, mobile advertisement (ad) networks, social networks.…”

Section: Introductionmentioning

confidence: 99%

“…These services are often embedded through libraries that are used by many apps: e.g., googleads.g.doubleclick.net, lh4.googleusercontent.com and android.clients.google.com. Motivated by this issue, the authors of FlowPrint [44] proposed to construct the fingerprint of an app by considering the communication graph between the mobile device and other destinations (e.g., CDNs and third-party services) and the associated attributes such as destination IP, destination port and TLS-certificates. At the inference stage, the fingerprint collected in the past is compared with the new one to determine the app.…”

Section: Introductionmentioning

confidence: 99%

MAppGraph: Mobile-App Classification on Encrypted Network Traffic using Deep Graph Convolution Neural Networks

Pham

Truong-Huu

et al. 2021

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Identifying mobile apps based on network traffic has multiple benefits for security and network management. However, it is a challenging task due to multiple reasons. First, network traffic is encrypted using an end-to-end encryption mechanism to protect data privacy. Second, user behavior changes dynamically when using different functionalities of mobile apps. Third, it is hard to differentiate traffic behavior due to common shared libraries and content delivery within modern mobile apps. Existing techniques managed to address the encryption issue but not the others, thus achieving low detection/classification accuracy. In this paper, we present MApp-Graph, a novel technique to classify mobile apps, addressing all the above issues. Given a chunk of network traffic generated by a mobile app, MAppGraph constructs a communication graph whose nodes are defined by tuples of IP address and port of the services connected by the app, edges are established by the weighted communication correlation among the nodes. We extract information from packet headers without analyzing encrypted payload to form feature vectors of the nodes. We leverage deep graph convolution neural networks to learn the diverse communication behavior of mobile apps from a large number of graphs and achieve a fast classification. To validate our technique, we collect traffic of a hundred mobile apps on the Android platform and run extensive experiments with various experimental scenarios. The experimental results show that MAppGraph significantly improves classification accuracy by up to 20% in various metrics compared to recently developed techniques and demonstrates its practicality for security and network management for mobile services.

show abstract

On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

Matoušek

Burgetová

Ryšavý

et al. 2021

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Cited by 142 publications

References 31 publications

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

MAppGraph: Mobile-App Classification on Encrypted Network Traffic using Deep Graph Convolution Neural Networks

On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

Contact Info

Product

Resources

About