FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Thijs Sebastiaan van Ede*, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen, Andreas Peter

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

6 Downloads (Pure)

Abstract

Mobile-application fingerprinting of network traffic is valuable for many security solutions as it provides insights into the apps active on a network. Unfortunately, existing techniques require prior knowledge of apps to be able to recognize them. However, mobile environments are constantly evolving, i.e., apps are regularly installed, updated, and uninstalled. Therefore, it is infeasible for existing fingerprinting approaches to cover all apps that may appear on a network. Moreover, most mobile traffic is encrypted, shows similarities with other apps, e.g., due to common libraries or the use of content delivery networks, and depends on user input, further complicating the fingerprinting process.

As a solution, we propose FlowPrint, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic.
We automatically find temporal correlations among destination-related features of network traffic and use these correlations to generate app fingerprints.
Our approach is able to fingerprint previously unseen apps, something that existing techniques fail to achieve.
We evaluate our approach for both Android and iOS in the setting of app recognition, where we achieve an accuracy of 89.2%, significantly outperforming state-of-the-art solutions.
In addition, we show that our approach can detect previously unseen apps with a precision of 93.5%, detecting 72.3% of apps within the first five minutes of communication.
Original languageEnglish
Title of host publicationNetwork and Distributed System Security Symposium (NDSS)
Place of PublicationSan Diego
PublisherInternet Society
Edition27
ISBN (Electronic)1-891562-61-4
DOIs
Publication statusPublished - 24 Feb 2020
EventNetwork and Distributed System Security Symposium, NDSS 2020 - Catamaran Resort Hotel & Spa, San Diego, United States
Duration: 23 Feb 202026 Feb 2020
https://www.ndss-symposium.org/ndss2020/

Conference

ConferenceNetwork and Distributed System Security Symposium, NDSS 2020
Abbreviated titleNDSS 2020
CountryUnited States
CitySan Diego
Period23/02/2026/02/20
Internet address

Fingerprint Dive into the research topics of 'FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic'. Together they form a unique fingerprint.

  • Cite this

    van Ede, T. S., Bortolameotti, R., Continella, A., Ren, J., Dubois, D. J., Lindorfer, M., ... Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. In Network and Distributed System Security Symposium (NDSS) (27 ed.). San Diego: Internet Society. https://doi.org/10.14722/ndss.2020.24412