AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic
作者: Vincent F. Taylor , Riccardo Spolaor , Mauro Conti , Ivan Martinovic
关键词: Mobile computing 、 Exploit 、 Computer science 、 World Wide Web 、 Network planning and design 、 Encryption 、 Android (operating system) 、 Scalability 、 Network packet 、 Cryptographic protocol
摘要: Automatic fingerprinting and identification of smartphone apps is becoming a very attractive data gathering technique for adversaries, network administrators, investigators marketing agencies. In fact, the list installed on device can be used to identify vulnerable an attacker exploit, uncover victim's use sensitive apps, assist planning, aid marketing. However, app complicated by vast number available download, wide range devices they may on, payload encryption protocols such as HTTPS/TLS. this paper, we present novel methodology framework implementing it, called AppScanner, automatic real-time Android from their encrypted traffic. To build fingerprints, run automatically physical collect traces. We apply various processing strategies these traces before extracting features that are train our supervised learning algorithms. Our fingerprint generation highly scalable does not rely inspecting packet payloads, thus works even when HTTPS/TLS employed. built deployed lightweight ran thorough set experiments assess its performance. profiled 110 most popular in Google Play Store were later able re-identify them with more than 99% accuracy.
sci-hub.se 参考文章(20)
Andrew Hintz, Fingerprinting websites using traffic analysis privacy enhancing technologies. pp. 171- 178 ,(2002) , 10.1007/3-540-36467-6_13
Hyo-Sik Ham, Mi-Jung Choi, Applicaion-level traffic analysis of smartphone users using embedded agents asia pacific network operations and management symposium. pp. 1- 4 ,(2012) , 10.1109/APNOMS.2012.6356057
Hossein Falaki, Dimitrios Lymberopoulos, Ratul Mahajan, Srikanth Kandula, Deborah Estrin, A first look at traffic on smartphones internet measurement conference. pp. 281- 287 ,(2010) , 10.1145/1879141.1879176
Shuo Zhang, Xinyu Zhang, Jun Liu, Gang Cheng, Jie Yang, Analysis of smartphone traffic with MapReduce wireless and optical communications conference. pp. 394- 398 ,(2013) , 10.1109/WOCC.2013.6676399
Aravind Machiry, Rohan Tahiliani, Mayur Naik, Dynodroid: an input generation system for Android apps foundations of software engineering. pp. 224- 234 ,(2013) , 10.1145/2491411.2491450
Sang-Woo Lee, Jun-Sang Park, Hyun-Shin Lee, Myung-Sup Kim, A study on Smart-phone traffic analysis 2011 13th Asia-Pacific Network Operations and Management Symposium. pp. 1- 7 ,(2011) , 10.1109/APNOMS.2011.6077033
Tim Stöber, Mario Frank, Jens Schmitt, Ivan Martinovic, Who do you sync you are?: smartphone fingerprinting via application behaviour wireless network security. pp. 7- 12 ,(2013) , 10.1145/2462096.2462099
Thuy T.T. Nguyen, Grenville Armitage, A survey of techniques for internet traffic classification using machine learning IEEE Communications Surveys and Tutorials. ,vol. 10, pp. 56- 76 ,(2008) , 10.1109/SURV.2008.080406
Fabian Pedregosa, Gaël Varoquaux, Alexandre Gramfort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Andreas Müller, Joel Nothman, Gilles Louppe, Peter Prettenhofer, Ron Weiss, Vincent Dubourg, Jake Vanderplas, Alexandre Passos, David Cournapeau, Matthieu Brucher, Matthieu Perrot, Édouard Duchesnay, Scikit-learn: Machine Learning in Python Journal of Machine Learning Research. ,vol. 12, pp. 2825- 2830 ,(2011)
Dominik Herrmann, Rolf Wendolsky, Hannes Federrath, Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier ieee international conference on cloud computing technology and science. pp. 31- 42 ,(2009) , 10.1145/1655008.1655013