Characterization and Prediction of Mobile-App Traffic Using Markov Modeling

Abstract

Modeling network traffic is an endeavor actively carried on since early digital communications, supporting a number of practical applications, that range from network planning and provisioning to security. Accordingly, many theoretical and empirical approaches have been proposed in this long-standing research, most notably, Machine Learning (ML) ones. Indeed, recent interest from network equipment vendors is sparking around the evaluation of solid information-theoretical modeling approaches complementary to ML ones, especially applied to new network traffic profiles stemming from the massive diffusion of mobile apps. To cater to these needs, we analyze mobile-app traffic available in the public dataset MIRAGE-2019 adopting two related modeling approaches based on the well-known methodological toolset of Markov models (namely, Markov Chains and Hidden Markov Models ). We propose a novel heuristic to reconstruct application-layer messages in the common case of encrypted traffic. We discuss and experimentally evaluate the suitability of the provided modeling approaches for different tasks: characterization of network traffic (at different granularities, such as application, application category, and application version), and prediction of network traffic at both packet and message level. We also compare the results with several ML approaches, showing performance comparable to a state-of-the-art ML predictor (Random Forest Regressor). Also, with this work we provide a viable and theoretically sound traffic-analysis toolset to help improving ML evaluation (and possibly its design), and a sensible and interpretable baseline.