While smartphone usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as "tracking devices". The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this paper, we move a step forward: we investigate to which extent it is feasible to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic. We design a system that achieves this goal by using advanced machine learning techniques. We did a complete implementation of this system and run a thorough set of experiments, which show that it can achieve accuracy and precision higher than 95% for most of the considered actions. Copyright © 2015 ACM.
Can't you hear me knocking: Identification of user actions on android apps via traffic analysis / Conti, Mauro; Mancini, Luigi Vincenzo; Spolaor, Riccardo; Verde, NINO VINCENZO. - STAMPA. - 1:(2015), pp. 297-304. (Intervento presentato al convegno 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 tenutosi a San Antonio; United States) [10.1145/2699026.2699119].
Can't you hear me knocking: Identification of user actions on android apps via traffic analysis
MANCINI, Luigi Vincenzo;SPOLAOR, RICCARDO;VERDE, NINO VINCENZO
2015
Abstract
While smartphone usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as "tracking devices". The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this paper, we move a step forward: we investigate to which extent it is feasible to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic. We design a system that achieves this goal by using advanced machine learning techniques. We did a complete implementation of this system and run a thorough set of experiments, which show that it can achieve accuracy and precision higher than 95% for most of the considered actions. Copyright © 2015 ACM.File | Dimensione | Formato | |
---|---|---|---|
Conti_Identification_2015.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.14 MB
Formato
Adobe PDF
|
1.14 MB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.