University of Twente Student Theses

Login

Identifying Application Phases in Mobile Encrypted Network Traffic

Teesselink, T. (2019) Identifying Application Phases in Mobile Encrypted Network Traffic.

This is the latest version of this item.

[img] PDF
1MB
Abstract:Abstract—Mobile devices have overtaken personal computers for everyday tasks. These devices produce massive amounts of data which contains valuable information. Two fields in which monitoring of such mobile data is used are application identification and user action identification. They focus on the identification of a single user action or identify individual applications out of a known set. Monitoring this traffic can be useful for, among other things, fingerprinting traffic, intrusion detection and user-profiling. One limitation of previous works is that they are applicable for only a single user action or application. In this paper we generalise the concept of user actions by introducing mobile application phases. Application phases describe the state an application is in after a set of user actions have been performed. In contrast to user actions, these phases are application agnostic. This means that a method capable of classifying application phases is scalable and not limited to known applications. We formally define seven different application phases and show how to detect these in Android logs. We also present four different algorithms to detect these application phases in encrypted network traffic. We look at network traffic because it makes the method more scalable than a host-based solution and has a less privacy invasive nature. These algorithms use network data from a timeseries perspective instead of a flow perspective in order to take advantage of periods where network data is scarce. To assess the quality of these algorithms we generated two novel datasets consisting of encrypted network data of 361 Android applications. We were able to detect the installation of applications with 100% accuracy and distinguish foreground from background traffic with 93% accuracy.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/79732
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page