Large-Scale Mobile App Identification Using Deep Learning Article Swipe

PDF

Related Concepts

Computer science Scale (ratio) Identification (biology) Deep learning Artificial intelligence Mobile apps Machine learning World Wide Web Cartography Biology Botany Geography

Shahbaz Rezaei , Bryce Kroencke , Xin Liu ·

YOU? · · 2019 · Open Access · · DOI: https://doi.org/10.1109/access.2019.2962018 · OA: W2978116268

Many network services and tools (e.g. network monitors, malware-detection\nsystems, routing and billing policy enforcement modules in ISPs) depend on\nidentifying the type of traffic that passes through the network. With the\nwidespread use of mobile devices, the vast diversity of mobile apps, and the\nmassive adoption of encryption protocols (such as TLS), large-scale encrypted\ntraffic classification becomes increasingly difficult. In this paper, we\npropose a deep learning model for mobile app identification that works even\nwith encrypted traffic. The proposed model only needs the payload of the first\nfew packets for classification, and, hence, it is suitable even for\napplications that rely on early prediction, such as routing and QoS\nprovisioning. The deep model achieves between 84% to 98% accuracy for the\nidentification of 80 popular apps. We also perform occlusion analysis to bring\ninsight into what data is leaked from SSL/TLS protocol that allows accurate app\nidentification. Moreover, our traffic analysis shows that many apps generate\nnot only app-specific traffic, but also numerous ambiguous flows. Ambiguous\nflows are flows generated by common functionality modules, such as\nadvertisement and traffic analytics. Because such flows are common among many\ndifferent apps, identifying the source app that generates ambiguous flows is\nchallenging. To address this challenge, we propose a CNN+LSTM model that uses\nadjacent flows to learn the order and pattern of multiple flows, to better\nidentify the app that generates them. We show that such flow association\nconsiderably improves the accuracy, particularly for ambiguous flows.\nFurthermore, we show that our approach is robust to mixed traffic scenarios\nwhere some unrelated flows may appear in adjacent flows. To the best of our\nknowledge, this is the first work that identifies the source app for ambiguous\nflows.\n