While smartphone usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as "tracking devices". The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this paper, we move a step forward: we investigate to which extent it is feasible to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic. We design a system that achieves this goal by using advanced machine learning techniques. We did a complete implementation of this system and run a thorough set of experiments, which show that it can achieve accuracy and precision higher than 95% for most of the considered actions. Copyright © 2015 ACM.

Can't you hear me knocking: Identification of user actions on android apps via traffic analysis / Conti, Mauro; Mancini, Luigi Vincenzo; Spolaor, Riccardo; Verde, NINO VINCENZO. - STAMPA. - 1:(2015), pp. 297-304. (Intervento presentato al convegno 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 tenutosi a San Antonio; United States) [10.1145/2699026.2699119].

Can't you hear me knocking: Identification of user actions on android apps via traffic analysis

MANCINI, Luigi Vincenzo;SPOLAOR, RICCARDO;VERDE, NINO VINCENZO
2015

Abstract

While smartphone usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as "tracking devices". The concern is not only related to an adversary taking physical or remote control of the device, but also to what a passive adversary without the above capabilities can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network. In this paper, we move a step forward: we investigate to which extent it is feasible to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic. We design a system that achieves this goal by using advanced machine learning techniques. We did a complete implementation of this system and run a thorough set of experiments, which show that it can achieve accuracy and precision higher than 95% for most of the considered actions. Copyright © 2015 ACM.
2015
5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Machine learning; Mobile security; Network traffic analysis; Privacy; Information Systems; Software; Computer Science Applications1707 Computer Vision and Pattern Recognition
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Can't you hear me knocking: Identification of user actions on android apps via traffic analysis / Conti, Mauro; Mancini, Luigi Vincenzo; Spolaor, Riccardo; Verde, NINO VINCENZO. - STAMPA. - 1:(2015), pp. 297-304. (Intervento presentato al convegno 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 tenutosi a San Antonio; United States) [10.1145/2699026.2699119].
File allegati a questo prodotto
File Dimensione Formato  
Conti_Identification_2015.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 1.14 MB
Formato Adobe PDF
1.14 MB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/878036
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 88
  • ???jsp.display-item.citation.isi??? ND
social impact