Large-Scale Mobile App Identification Using Deep Learning

Rezaei, Shahbaz; Kroencke, Bryce; Liu, Xin

doi:10.1109/access.2019.2962018

Cited by 91 publications

(40 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We use a real-world mobile traffic dataset from an ISP, and demonstrate that our approach has an edge over the state-of-the-art in service classification over encrypted web traffic. Table 1 compares the performance of our model with [4] and a traditional baseline.…”

Section: Contributionsmentioning

confidence: 99%

“…Using our model based on Stacked LSTM layers, we achieve an accuracy of over 95% for classification exclusively over HTTPS (i.e., HTTP/1.1 and HTTP/2 over TLS), outperforming [4] by a significant margin of nearly 50% fewer false classifications. It is also shown that our approach generally achieves higher accuracies as it is less prone to over-fitting.…”

Section: Contributionsmentioning

confidence: 99%

“…Due to a lack of standard framework for traffic classification, numerous works in traffic classification (e.g., [2,7]) pick their labels somehow arbitrarily, which are often inconsistent in granularity. Furthermore, many approaches (e.g., [3,4,6,8]) use datasets with a mixed set of protocols that are often easily distinguishable using header signatures, making it unrealistic to justify the use of computationally expensive ML models. In some cases (e.g., [1]), traffic classification approaches rely on clever techniques to guide the models based on expert domain-specific knowledge that can be jeopardized by small variations in the protocol.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Look Behind the Curtain: Traffic Classification in an Increasingly Encrypted Web

Akbari

Salahuddin

Ven

et al. 2021

Abstract Proceedings of the 2021 ACM SIGMETRICS / International Conference on Measurement and Modeling of Computer Systems

View full text Add to dashboard Cite

Traffic classification is essential in network management for operations ranging from capacity planning, performance monitoring, volumetry, and resource provisioning, to anomaly detection and security. Recently, it has become increasingly challenging with the widespread adoption of encryption in the Internet, e.g., as a de-facto in HTTP/2 and QUIC protocols. In the current state of encrypted traffic classification using Deep Learning (DL), we identify fundamental issues in the way it is typically approached. For instance, although complex DL models with millions of parameters are being used, these models implement a relatively simple logic based on certain header fields of the TLS handshake, limiting model robustness to future versions of encrypted protocols. Furthermore, encrypted traffic is often treated as any other raw input for DL, while crucial domain-specific considerations are commonly ignored. In this paper, we design a novel feature engineering approach that generalizes well for encrypted web protocols, and develop a neural network architecture based on Stacked Long Short-Term Memory (LSTM) layers and Convolutional Neural Networks (CNN). We evaluate our approach on a real-world web traffic dataset from a major Internet service provider and Mobile Network Operator. We achieve an accuracy of 95% in service classification with less raw traffic and smaller number of parameters, out-performing a state-of-the-art method by nearly 50% fewer false classifications. We show that our DL model generalizes for different classification objectives and encrypted web protocols. We also evaluate our approach on a public QUIC dataset with finer application-level granularity in labeling, achieving an overall accuracy of 99%.

show abstract

Section: Contributionsmentioning

confidence: 99%

Section: Contributionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Look Behind the Curtain: Traffic Classification in an Increasingly Encrypted Web

Akbari

Salahuddin

Ven

et al. 2021

Abstract Proceedings of the 2021 ACM SIGMETRICS / International Conference on Measurement and Modeling of Computer Systems

View full text Add to dashboard Cite

show abstract

“…Для коррекции весов в процессе обучения применяется алгоритм обратного распространения ошибки (backpropagation). Для работы с большим количеством параметров во внутренних слоях сети или для определения инвариантных относительно переноса признаков свою эффективность показали свёрточные нейронные сети (CNN), использующие набор небольших ядер для преобразования поступающей информации и уменьшения числа извлекаемых признаков [12,23,[27][28][29][30].…”

Section: нейронные сетиunclassified

A Survey of Network Traffic Classification

Getman¹,

Иконникова²

2020

Proceedings of ISP RAS

View full text Add to dashboard Cite

This survey is dedicated to the task of network traffic classification, particularly to the use of machine learning algorithms in this task. The survey begins with the description of the task, its variations and possible uses in real-world problems. It then proceeds to the description of the methods used historically to solve this task, their limitations and evolution of traffic making machine learning the main way to solve the problem. Then the most popular machine learning algorithms used in this task are described, with the examples of research papers, providing the insight into their advantages and disadvantages in relation to this field. The task of feature selection is discussed, followed by the more global problem of acquiring the suitable dataset to use in the research; some examples of such popular datasets and their descriptions are provided. The paper concludes with the outline of the current problems in this research area to be solved.

show abstract

“…The technique can be exploited by an adversary for malicious purposes like recognizing potentially sensitive or vulnerable apps. With the problem of APP-ID receiving increasingly attention, there has emerged considerable related works in recent years [2]- [18].…”

Section: Introductionmentioning

confidence: 99%

Automatic Mobile App Identification From Encrypted Traffic With Hybrid Neural Networks

Wang

Chen

2020

IEEE Access

View full text Add to dashboard Cite

The proliferation of handheld devices has led to an explosive growth of mobile traffic volumes on the Internet. Network traffic classification in mobile settings, also known as mobile app identification, has become increasingly important. It is an essential step to enable network management, security operations and other services. Traditionally, the design of accurate identifiers relies on the deep packet inspection (DPI) techniques. However, such approaches have become less effective with the raising adoption of encrypted protocols in mobile applications (mostly TLS). To address the problem, various machine learning methods have been studied and used. Most of them use linear classifiers on top of hand-engineered features, which are unreliable due to the complexity of mobile traffic. In this paper we propose App-Net, an end-to-end hybrid neural network for mobile app identification from encrypted TLS traffic. App-Net is designed by combining RNN and CNN in a parallel way and can automatically learn effective features from raw TLS flows. With coordinated fusion and optimized training, the hybrid and multimodal architecture is able to characterize both flow sequence patterns and app signatures to learn a joint flow-app embedding. We evaluate App-Net on a real-world dataset covering 80 apps. The results show that our method can achieve an excellent performance and outperform the state-of-the-art methods. INDEX TERMS Mobile app identification, encrypted traffic classification, neural network, deep learning.

show abstract

Large-Scale Mobile App Identification Using Deep Learning

Cited by 91 publications

References 51 publications

A Look Behind the Curtain: Traffic Classification in an Increasingly Encrypted Web

A Look Behind the Curtain: Traffic Classification in an Increasingly Encrypted Web

A Survey of Network Traffic Classification

Automatic Mobile App Identification From Encrypted Traffic With Hybrid Neural Networks

Contact Info

Product

Resources

About