FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Thijs Sebastiaan van Ede; Riccardo  Bortolameotti; Jingjing Ren; Daniel J. Dubois; Martina Lindorfer; David Choffnes; Maarten van Steen; Andreas  Peter; Andrea  Continella

doi:10.14722/ndss.2020.24412

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Thijs Sebastiaan van Ede^*, Riccardo Bortolameotti, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen, Andreas Peter, Andrea Continella

^*Corresponding author for this work

Services, Cybersecurity & Safety

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

18 Downloads (Pure)

Abstract

Mobile-application fingerprinting of network traffic is valuable for many security solutions as it provides insights into the apps active on a network. Unfortunately, existing techniques require prior knowledge of apps to be able to recognize them. However, mobile environments are constantly evolving, i.e., apps are regularly installed, updated, and uninstalled. Therefore, it is infeasible for existing fingerprinting approaches to cover all apps that may appear on a network. Moreover, most mobile traffic is encrypted, shows similarities with other apps, e.g., due to common libraries or the use of content delivery networks, and depends on user input, further complicating the fingerprinting process.

As a solution, we propose FlowPrint, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic.
We automatically find temporal correlations among destination-related features of network traffic and use these correlations to generate app fingerprints.
Our approach is able to fingerprint previously unseen apps, something that existing techniques fail to achieve.
We evaluate our approach for both Android and iOS in the setting of app recognition, where we achieve an accuracy of 89.2%, significantly outperforming state-of-the-art solutions.
In addition, we show that our approach can detect previously unseen apps with a precision of 93.5%, detecting 72.3% of apps within the first five minutes of communication.

Original language	English
Title of host publication	Network and Distributed System Security Symposium (NDSS)
Place of Publication	San Diego
Publisher	Internet Society
Edition	27
ISBN (Electronic)	1-891562-61-4
DOIs	https://doi.org/10.14722/ndss.2020.24412
Publication status	Published - 24 Feb 2020
Event	Network and Distributed System Security Symposium, NDSS 2020 - Catamaran Resort Hotel & Spa, San Diego, United States Duration: 23 Feb 2020 → 26 Feb 2020 https://www.ndss-symposium.org/ndss2020/

Conference

Conference	Network and Distributed System Security Symposium, NDSS 2020
Abbreviated title	NDSS 2020
Country	United States
City	San Diego
Period	23/02/20 → 26/02/20
Internet address	https://www.ndss-symposium.org/ndss2020/

Keywords

Cybersecurity

Access to Document

10.14722/ndss.2020.24412

flowprintFinal published version, 943 KB

Fingerprint Dive into the research topics of 'FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic'. Together they form a unique fingerprint.

Cite this

van Ede, Thijs Sebastiaan ; Bortolameotti, Riccardo ; Ren, Jingjing ; Dubois, Daniel J. ; Lindorfer, Martina ; Choffnes, David ; van Steen, Maarten ; Peter, Andreas ; Continella, Andrea . / FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. Network and Distributed System Security Symposium (NDSS). 27. ed. San Diego : Internet Society, 2020.

@inproceedings{e403372250d547a688d88ef77c1380eb,

title = "FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic",

abstract = "Mobile-application fingerprinting of network traffic is valuable for many security solutions as it provides insights into the apps active on a network. Unfortunately, existing techniques require prior knowledge of apps to be able to recognize them. However, mobile environments are constantly evolving, i.e., apps are regularly installed, updated, and uninstalled. Therefore, it is infeasible for existing fingerprinting approaches to cover all apps that may appear on a network. Moreover, most mobile traffic is encrypted, shows similarities with other apps, e.g., due to common libraries or the use of content delivery networks, and depends on user input, further complicating the fingerprinting process.As a solution, we propose FlowPrint, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic.We automatically find temporal correlations among destination-related features of network traffic and use these correlations to generate app fingerprints.Our approach is able to fingerprint previously unseen apps, something that existing techniques fail to achieve.We evaluate our approach for both Android and iOS in the setting of app recognition, where we achieve an accuracy of 89.2%, significantly outperforming state-of-the-art solutions.In addition, we show that our approach can detect previously unseen apps with a precision of 93.5%, detecting 72.3% of apps within the first five minutes of communication.",

keywords = "Cybersecurity",

author = "{van Ede}, {Thijs Sebastiaan} and Riccardo Bortolameotti and Jingjing Ren and Dubois, {Daniel J.} and Martina Lindorfer and David Choffnes and {van Steen}, Maarten and Andreas Peter and Andrea Continella",

year = "2020",

month = feb,

day = "24",

doi = "10.14722/ndss.2020.24412",

language = "English",

booktitle = "Network and Distributed System Security Symposium (NDSS)",

publisher = "Internet Society",

edition = "27",

note = "Network and Distributed System Security Symposium, NDSS 2020, NDSS 2020 ; Conference date: 23-02-2020 Through 26-02-2020",

url = "https://www.ndss-symposium.org/ndss2020/",

}

van Ede, TS, Bortolameotti, R, Ren, J, Dubois, DJ, Lindorfer, M, Choffnes, D, van Steen, M , Peter, A & Continella, A 2020, FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. in Network and Distributed System Security Symposium (NDSS). 27 edn, Internet Society, San Diego, Network and Distributed System Security Symposium, NDSS 2020, San Diego, United States, 23/02/20. https://doi.org/10.14722/ndss.2020.24412

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. / van Ede, Thijs Sebastiaan; Bortolameotti, Riccardo ; Ren, Jingjing; Dubois, Daniel J.; Lindorfer, Martina; Choffnes, David; van Steen, Maarten ; Peter, Andreas ; Continella, Andrea .

Network and Distributed System Security Symposium (NDSS). 27. ed. San Diego : Internet Society, 2020.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

AU - van Ede, Thijs Sebastiaan

AU - Bortolameotti, Riccardo

AU - Ren, Jingjing

AU - Dubois, Daniel J.

AU - Lindorfer, Martina

AU - Choffnes, David

AU - van Steen, Maarten

AU - Peter, Andreas

AU - Continella, Andrea

PY - 2020/2/24

Y1 - 2020/2/24

N2 - Mobile-application fingerprinting of network traffic is valuable for many security solutions as it provides insights into the apps active on a network. Unfortunately, existing techniques require prior knowledge of apps to be able to recognize them. However, mobile environments are constantly evolving, i.e., apps are regularly installed, updated, and uninstalled. Therefore, it is infeasible for existing fingerprinting approaches to cover all apps that may appear on a network. Moreover, most mobile traffic is encrypted, shows similarities with other apps, e.g., due to common libraries or the use of content delivery networks, and depends on user input, further complicating the fingerprinting process.As a solution, we propose FlowPrint, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic.We automatically find temporal correlations among destination-related features of network traffic and use these correlations to generate app fingerprints.Our approach is able to fingerprint previously unseen apps, something that existing techniques fail to achieve.We evaluate our approach for both Android and iOS in the setting of app recognition, where we achieve an accuracy of 89.2%, significantly outperforming state-of-the-art solutions.In addition, we show that our approach can detect previously unseen apps with a precision of 93.5%, detecting 72.3% of apps within the first five minutes of communication.

AB - Mobile-application fingerprinting of network traffic is valuable for many security solutions as it provides insights into the apps active on a network. Unfortunately, existing techniques require prior knowledge of apps to be able to recognize them. However, mobile environments are constantly evolving, i.e., apps are regularly installed, updated, and uninstalled. Therefore, it is infeasible for existing fingerprinting approaches to cover all apps that may appear on a network. Moreover, most mobile traffic is encrypted, shows similarities with other apps, e.g., due to common libraries or the use of content delivery networks, and depends on user input, further complicating the fingerprinting process.As a solution, we propose FlowPrint, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic.We automatically find temporal correlations among destination-related features of network traffic and use these correlations to generate app fingerprints.Our approach is able to fingerprint previously unseen apps, something that existing techniques fail to achieve.We evaluate our approach for both Android and iOS in the setting of app recognition, where we achieve an accuracy of 89.2%, significantly outperforming state-of-the-art solutions.In addition, we show that our approach can detect previously unseen apps with a precision of 93.5%, detecting 72.3% of apps within the first five minutes of communication.

KW - Cybersecurity

U2 - 10.14722/ndss.2020.24412

DO - 10.14722/ndss.2020.24412

M3 - Conference contribution

BT - Network and Distributed System Security Symposium (NDSS)

PB - Internet Society

CY - San Diego

T2 - Network and Distributed System Security Symposium, NDSS 2020

Y2 - 23 February 2020 through 26 February 2020

ER -