CNN for User Activity Detection Using Encrypted In-App Mobile Data

Madushi H Pathmaperuma,Ahmet Kondoz,Safak Dogan,Yogachandran Rahulamathavan

doi:10.3390/fi14020067

Madushi H Pathmaperuma, Ahmet Kondoz + Show 2 more

Open Access

https://doi.org/10.3390/fi14020067

Copy DOI

Journal: Future internet	Publication Date: Feb 21, 2022
Citations: 5	License type: CC BY 4.0

Affiliation: Loughborough University

Abstract

In this study, a simple yet effective framework is proposed to characterize fine-grained in-app user activities performed on mobile applications using a convolutional neural network (CNN). The proposed framework uses a time window-based approach to split the activity’s encrypted traffic flow into segments, so that in-app activities can be identified just by observing only a part of the activity-related encrypted traffic. In this study, matrices were constructed for each encrypted traffic flow segment. These matrices acted as input into the CNN model, allowing it to learn to differentiate previously trained (known) and previously untrained (unknown) in-app activities as well as the known in-app activity type. The proposed method extracts and selects salient features for encrypted traffic classification. This is the first-known approach proposing to filter unknown traffic with an average accuracy of 88%. Once the unknown traffic is filtered, the classification accuracy of our model would be 92%.

Highlights

Rahulamathavan, Y.; Dogan, S.; In recent years, traffic classification has attracted increasing attention, as it is used in network management, security, advertising, network design, and engineering
This paper proposes an image-based method that represents network traffic as images and utilizes deep learning (DL) architecture based on convolutional neural network (CNN) to learn the traffic features in these images and perform traffic classification
This paper proposes a CNN-based method that transfers network traffic flows into images to identify in-app activities while detecting unknown data

Summary

Introduction

Rahulamathavan, Y.; Dogan, S.; In recent years, traffic classification has attracted increasing attention, as it is used in network management, security, advertising, network design, and engineering. Network traffic classification involves analyzing traffic flows and identifying the type of content within these flows. A network trace of a device or a group of devices is taken as input and, as output, information about those devices, their users, their apps, or in-app activities is given. Network traffic classification has many possibilities to solve personal, business, internet service provider, and government network problems such as anomaly detection, quality of service control, application performance, capacity planning, traffic engineering, trend analysis, interception, and intrusion detection. Several traffic classifications approaches have been proposed and developed. These methods have evolved significantly over time from port-based, deep packet inspection (DPI)

Objectives

Methods

Results

Conclusion