Fingerprinting Of Mobile Apps Based On Traffic Analysis

Recently,with the development of mobile devices and the booming of mobile application market,the proportion of mobile traffic in the total network traffic has rapidly increased.How to monitor these traffic has caused growing concern.For finegrained traffic monitoring,it is important to identify the source of the traffic.Identification of mobile application shows its effetiveness in solving these questions and has received extensive attention.Current technology of application fingerprinting can be roughly divided into two categories: dynamic and static.On the one hand,most of the work makes analysis by collecting traffic dynamically.However,due to the fact that there are no effective automated testing tools that can fully exercise the execution paths,which means the coverage of traffic is quite low.On the other hand,some of the work analyzes applications statically to extract traffic features.However,due to the complexity of static analysis methods,it is difficult to accurately reconstruct the flow.At the same time,the disadvantage of time-consuming makes it challenging to perform large-scale analysis.In order to solve the problems above,this paper combines the methods of dynamic and static to extract features and then design effective methods for fingerprinting.Also,it implements an application identification system,of which the specific work includes the following three aspects:1.It studies the method of traffic feature extraction based on dynamic traffic collection and static feature extraction.With the help of Android virtual machine and fuzzy testing tool,a large-scale automated traffic collection platform for testing Android applications and collecting traffic data is implemented.Then,this paper studies a method based on reverse engineering to extract features statically.With the combination of these two methods,both the problems of low traffic coverage of dynamic collection and time-consuming of static extraction are addressed.2.It studies the technology of application fingerprinting based on traffic analysis.Through integration of application features from all aspects and combination of thirdparty traffic,this paper designs an effective method of application fingerprinting based on Na?ve Bayes Algorithm.In the case of low traffic coverage,with the help of static features,the application can be identified with an accuracy of about 90% after monitoring more than 13 outgoing packets from the target application continuously.In the case of high flow coverage,the accuracy rate reaches 90.5% after monitoring only 4 packets.3.Based on the theoretical results of fingerprint identification above,this paper designs and implements a mobile application fingerprinting system,which can monitor the outgoing traffic of the target device and identify the source application of the traffic online.In conclusion,this paper makes research on the technology of Android application fingerprinting based on traffic analysis.An automatic traffic collecting platform is established for collecting samples of traffic.Features of application traffic are extracted with the help of dynamic and static methods and an effective method by applying na?ve bayes classifier to identify fingerprints are designed.Based on these technology,a system of application fingerprinting is implemented to identify the source application of traffic.