IDEAS home Printed from https://ideas.repec.org/a/sae/intdis/v14y2018i12p1550147718817292.html
   My bibliography  Save this article

Mobile app identification for encrypted network flows by traffic correlation

Author

Listed:
  • Gaofeng He
  • Bingfeng Xu
  • Lu Zhang
  • Haiting Zhu

Abstract

Mobile application (simply “app†) identification at a per-flow granularity is vital for traffic engineering, network management, and security practices. However, uncertainty is caused by a growing fraction of encrypted traffic such as Hypertext Transfer Protocol Secure. To address this challenge, we have carefully analyzed mobile app traffic (mainly including Domain Name System, Hypertext Transfer Protocol, and encrypted traffic such as Secure Sockets Layer and Transport Layer Security) and observed that (1) the sets of server hostnames queried by different apps are distinguishable; (2) mobile apps may query multiple server hostnames simultaneously, that is, apps may send several Domain Name System lookups within a short time interval; and (3) the encrypted traffic may be similar to various other network flows generated by the same app. Based on these three observations, in this article, we propose a novel app identification methodology for encrypted network flows. To be specific, temporal, lexical, and metadata similarity are investigated to select correlated traffic and information retrieving techniques are adopted to identify apps. We ran a thorough set of experiments to assess the performance of the proposed approaches. The experimental results show that the identification accuracy can be as high as 95%, and the proposed methods have low storage requirements as well as fast training speeds.

Suggested Citation

  • Gaofeng He & Bingfeng Xu & Lu Zhang & Haiting Zhu, 2018. "Mobile app identification for encrypted network flows by traffic correlation," International Journal of Distributed Sensor Networks, , vol. 14(12), pages 15501477188, December.
    • Handle: RePEc:sae:intdis:v:14:y:2018:i:12:p:1550147718817292
    DOI: 10.1177/1550147718817292
    as

    Download full text from publisher

    File URL: https://journals.sagepub.com/doi/10.1177/1550147718817292
    Download Restriction: no
    File URL: https://libkey.io/10.1177/1550147718817292?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Pooja MEHTA & Ruchil SHAH, 2017. "A Survey of Network Based Traffic Classification Methods," Database Systems Journal, Academy of Economic Studies - Bucharest, Romania, vol. 7(4), pages 24-31, March.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.

      Corrections

      All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:sae:intdis:v:14:y:2018:i:12:p:1550147718817292. See general information about how to correct material in RePEc.

      If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

      If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

      If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

      For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: SAGE Publications (email available below). General contact details of provider: .

      Please note that corrections may take a couple of weeks to filter through the various RePEc services.

      IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.