Automatic Fingerprint Extraction of Mobile APP Users in Network Traffic

Abstract

Network operators often need a clear visibility of the mobile APPs and their user scales running in the network traffic. This is critical for network management and network security. Analysis of the network traffic using the extracted APP features and user fingerprints is helpful for effective network operations, management, and security monitoring of LANs, MANs, and WANs. In China, the number of mobile APP users continues to increase, and the proportion of Internet users using mobile APPs to access the Internet far exceeds that of computers, making this task significant and difficult. The traditional methods are mainly APP identifications or identifications of specific APP users, which cannot satisfy the requirements of globally monitoring of APPs and their user scales at the same time. Especially when many users share the same network IPs (4G, home broadband, NAT), this work becomes challenging and time-consuming. This paper proposes an automatic fingerprint extraction approach of mobile APP users in network traffic. By analyzing the plaintext of the HTTP requests initiated by APPs in training datasets, we extract the APPs’ features and the users’ fingerprints simultaneously. Both of them are the combinations of strings which are distinguishable of APPs and their users in the network traffic. The proposed method is evaluated with the top 49 popular APPs in Huawei App Store. The experimental results show that the recalls of the extractions of APPs’ features and users’ fingerprints are respectively 77.5% and 55.1% in total.