Can't you hear me knocking: Identification of user actions on android apps via traffic analysis

CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2015, Pages 297-304

  Conti, Mauro ^a   Mancini, Luigi V ^b   Spolaor, Riccardo ^a   Verde, Nino V ^b  

^a UNIVERSITY OF PADOVA   (Italy)

^b SAPIENZA UNIVERSITY OF ROME   (Italy)

Author keywords

Machine learning; Mobile security; Network traffic analysis; Privacy

Indexed keywords

DATA PRIVACY; LEARNING SYSTEMS; MACHINE LEARNING; MOBILE SECURITY; REMOTE CONTROL;

ACCURACY AND PRECISION; ANDROID APPS; MACHINE LEARNING TECHNIQUES; NETWORK TRAFFIC; NETWORK TRAFFIC ANALYSIS; PASSIVE ADVERSARY; TRACKING DEVICES; TRAFFIC ANALYSIS;

ANDROID (OPERATING SYSTEM);

EID: 84928136695     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2699026.2699119     Document Type: Conference Paper

References (37)

1. Androidrank. http://www.androidrank.org/.
2. Top 15 most popular social networking sites, May 2014. http://www.ebizmba.com/articles/social-networking-websites, May 2014.
3. C. A. Ardagna, M. Conti, M. Leone, and J. Stefa. An anonymous end-to-end communication protocol for mobile cloud environments. Services Computing, IEEE Transactions on, 2014.
4. R. Atterer, M. Wnuk, and A. Schmidt. Knowing the user's every move: User activity tracking for website usability evaluation and implicit interaction. In Proceedings of ACM WWW, 2006.
5. F. Benevenuto, T. Rodrigues, M. Cha, and V. Almeida. Characterizing user navigation and interactions in online social networks. Inf. Sci., July 2012.
6. O. Berthold, H. Federrath, and M. Köhntopp. Project anonymity and unobservability in the internet. In Proceedings of ACM CFP, 2000.
7. L. Breiman. Random forests. Machine Learning, 45, 2001.
8. X. Cai, X. C. Zhang, B. Joshi, and R. Johnson. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of ACM CCS, 2012.
9. S. Chen, R. Wang, X. Wang, and K. Zhang. Side-channel leaks in web applications: A reality today, a challenge tomorrow. In Proceedings of IEEE S&P, 2010.
10. M. Conti, N. Dragoni, and S. Gottardo. Mithys: Mind the hand you shake-protecting mobile devices from ssl usage vulnerabilities. In Security and Trust Management. Springer, 2013.
11. S. Dai, A. Tongaonkar, X. Wang, A. Nucci, and D. Song. Networkprofiler: Towards automatic fingerprinting of android apps. In Proceedings of IEEE INFOCOM, 2013.
12. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008.
13. K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail. In Proceedings of IEEE S&P, 2012.
14. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: An information-ow tracking system for realtime privacy monitoring on smartphones. In Proceedings of USENIX OSDI, 2010.
15. S. Fahl, M. Harbach, T. Muders, L. Baumgärtner, B. Freisleben, and M. Smith. Why eve and mallory love android: An analysis of android ssl (in)security. In Proceedings of ACM CCS, 2012.
16. M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The most dangerous code in the world: Validating ssl certificates in non-browser software. In Proceedings of ACM CCS, 2012.
17. Y. Go, D. F. Kune, S. Woo, K. Park, and Y. Kim. Towards accurate accounting of cellular data for tcp retransmission. In Proceedings of ACM HotMobile, 2013.
18. T. Hastie, R. Tibshirani, and J. Friedman. The Elements of Statistical Learning (2nd ed.). Springer, 2009.
19. D. Herrmann, R. Wendolsky, and H. Federrath. Website fingerprinting: Attacking popular privacy enhancing technologies with the multinomial naive-bayes classifier. In Proceedings of ACM CCSW, 2009.
20. B. Krishnamurthy. Privacy and online social networks: Can colorless green ideas sleep furiously? IEEE Security and Privacy, 2013.
21. M. Liberatore and B. N. Levine. Inferring the source of encrypted http connections. In Proceedings of ACM CCS, 2006.
22. X. Luo, P. Zhou, E. W. W. Chan, W. Lee, R. K. C. Chang, and R. Perdisci. Httpos: Sealing information leaks with browser-side obfuscation of encrypted ows. In Proceedings of NDSS, 2011.
23. T. M. Mitchell. Machine learning. 1997.
24. M. Müller. Information Retrieval for Music and Motion. Springer, 2007.
25. A. Panchenko, L. Niessen, A. Zinnen, and T. Engel. Website fingerprinting in onion routing based anonymization networks. In Proceedings of ACM WPES, 2011.
26. J.-F. Raymond. Traffc analysis: Protocols, attacks, design issues, and open problems. In Designing Privacy Enhancing Technologies. Springer, 2001.
27. B. P. Rocha, M. Conti, S. Etalle, and B. Crispo. Hybrid static-runtime information ow and declassification enforcement. Information Forensics and Security, IEEE Transactions on, 2013.
28. F. Schneider, A. Feldmann, B. Krishnamurthy, and W. Willinger. Understanding online social network usage from a network perspective. In Proceedings of ACM IMC, 2009.
29. C. Staff. Germany: U.s. might have monitored merkel's phone. http://edition.cnn.com/2013/10/23/world/europe/germany-us-merkel-phone-monitoring/, Oct. 2014.
30. T. Stöber, M. Frank, J. Schmitt, and I. Martinovic. Who do you sync you are?: Smartphone fingerprinting via application behaviour. In Proceedings of ACM WiSec, 2013.
31. G. Suarez-Tangil, J. E. Tapiador, P. Peris, and A. Ribagorda. Evolution, detection and analysis of malware for smart devices. IEEE Communications Surveys & Tutorials, 2013.
32. N. V. Verde, G. Ateniese, E. Gabrielli, L. V. Mancini, and A. Spognardi. No nat'd user left behind: Fingerprinting users behind nat from netow records alone. In Proceedings of IEEE ICDCS, 2014.
33. X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. Profiledroid: Multi-layer profiling of android applications. In Proceedings of ACM Mobicom, 2012.
34. C. V. Wright, L. Ballard, S. E. Coull, F. Monrose, and G. M. Masson. Spot me if you can: Uncovering spoken phrases in encrypted voip conversations. In Proceedings of IEEE S&P, 2008.
35. C. V. Wright, S. E. Coull, and F. Monrose. Traffc morphing: An efficient defense against statistical traffic analysis. In Proceedings of NDSS, 2009.
36. Y. Zhauniarovich, G. Russello, M. Conti, B. Crispo, and E. Fernandes. Moses: Supporting and enforcing security profiles on smartphones. Dependable and Secure Computing, IEEE Transactions on, 2014.
37. X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt. Identity, location, disease and more: Inferring your secrets from android public resources. In Proceedings of ACM CCS, 2013.