Depicting Instant Messaging Encrypted Traffic Characteristics through an Empirical Study

Abstract

Instant Messaging Applications (IMAs), such as Discord and WhatsApp, have become one of the main communication tools for mobile device users. Network traffic analysis is a method of monitoring network activity to identify operational and security issues. There is limited research on network traffic analysis of IMAs on mobile devices due to the challenges of end-to-end encryption, user privacy, and dynamic port usage. In this paper, we design, develop and evaluate a framework to generate end-to-end IMA traffic on mobile devices, employ feature selection and conduct traffic analysis that can cope with encrypted traffic while identifying different IMAs. Results show a performance evaluation workbench as well as highlight the key characterictis of six popular IMAs.