A survey on analyzing encrypted network traffic of mobile devices

  • Survey
International Journal of Information Security

Abstract

Over the years, use of smartphones has come to dominate several areas, improving our lives, offering us convenience, and reshaping our daily work circumstances. Beyond traditional use for communication, they are used for many peripheral tasks such as gaming, browsing, and shopping. A significant amount of traffic over the Internet belongs to the applications running over mobile devices. Applications encrypt their communication to ensure the privacy and security of the user’s data. However, it has been found that the amount and nature of incoming and outgoing traffic to a mobile device could reveal a significant amount of information that can be used to identify the activities performed and to profile the user. To that end, researchers are trying to develop techniques to classify encrypted mobile traffic at different levels of granularity, with the objectives of performing mobile user profiling, network performance optimization, etc. This paper proposes a framework to categorize the research works on analyzing encrypted network traffic related to mobile devices. After that, we provide an extensive review of the state of the art based on the proposed framework.

Data availability

Not applicable.

Code availability

Not applicable.

Funding

The work is supported by the Center for Artificial Intelligence and Robotics (CAIR) laboratory of Defence Research and Development Organisation (DRDO), Bangalore, India, under the CARS-46 scheme.

Author information

Corresponding author

Correspondence to Ankit Agrawal.

Ethics declarations

Conflict of interest

Not applicable.

Ethics approval

Not applicable.

Consent to participate

Not applicable.

Consent for publication

Not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This work was supported by the Center for Artificial Intelligence and Robotics Lab, DRDO, India.

About this article

Cite this article

Agrawal, A., Bhatia, A., Bahuguna, A. et al. A survey on analyzing encrypted network traffic of mobile devices. Int. J. Inf. Secur. 21, 873–915 (2022). https://doi.org/10.1007/s10207-022-00581-y

  • DOI: https://doi.org/10.1007/s10207-022-00581-y
