Enmob: Unveil the Behavior with Multi-flow Analysis of Encrypted App Traffic

Enmob: Unveil the Behavior with Multi-flow Analysis of Encrypted App Traffic

Abstract In the contemporary digital landscape, mobile applications have become the predominant conduit for internet connectivity and daily tasks. Simultaneously, the advent of application encryption technology has safeguarded users’ privacy. However, this encryption, while fortifying privacy, intro...

Full description

Saved in:
Bibliographic Details
Main Authors: Ge Mengmeng, Feng Ruitao, Liu Likun, Yu Xiangzhan, Sachidananda Vinay, Xie Xiaofei, Liu Yang
Format: Article
Language:English
Published: SpringerOpen 2025-04-01
Series:Cybersecurity
Subjects:
Traffic analysis
Encryption traffic
Behavior Traffic Classification
Online Access:https://doi.org/10.1186/s42400-024-00301-0
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Abstract In the contemporary digital landscape, mobile applications have become the predominant conduit for internet connectivity and daily tasks. Simultaneously, the advent of application encryption technology has safeguarded users’ privacy. However, this encryption, while fortifying privacy, introduces challenges to security by hindering the effective management of network applications within encrypted data streams. Conventional detection methods for encrypted application traffic, relying heavily on statistical metrics like payload, packet size, and distribution, are constrained to single traffic flows, often yielding results of limited specificity. To address this limitation, our paper introduces an innovative approach that elucidates the multi-flow nature of application behavior traffic and provides context to encrypted application traffic. This method offers a more nuanced and comprehensive perspective for understanding and representing network traffic, even when encrypted. The efficacy of our approach was evaluated using a substantial volume of real network traffic data. Results indicate that our method achieves an average accuracy of 0.958 in identifying application behavior traffic and 0.955 in classifying application traffic. These outcomes signify a substantial enhancement over single network flow-based detection methods, demonstrating a notable 5.3% improvement.
ISSN:2523-3246

Similar Items