Eavesdropping Mobile Apps and Actions through Wireless Traffic in the Open World

Xiaoguang Yang, Yong Huang, Junli Guo, Dalong Zhang, Qingxian Wang
2024-08-14
Abstract: While smartphones and WiFi networks are bringing many positive changes to people's lives, they are susceptible to traffic analysis attacks, which infer users' private information from encrypted traffic. Existing traffic analysis attacks mainly target TCP/IP layers or are limited to the closed-world assumption, where all possible apps and actions have been involved in the model training. To overcome these limitations, we propose MACPrint, a novel system that infers mobile apps and in-app actions based on WiFi MAC layer traffic in the open-world setting. MACPrint first extracts rich statistical and contextual features of encrypted wireless traffic. Then, we develop Label Recorder, an automatic traffic labeling app, to improve labeling accuracy in the training phase. Finally, TCN models with OpenMax functions are used to recognize mobile apps and actions in the open world accurately. To evaluate our system, we collect MAC layer traffic data over 125 hours from more than 40 apps. The experimental results show that MACPrint can achieve an accuracy of over 96% for recognizing apps and actions in the closed-world setting, and obtains an accuracy of over 86% in the open-world setting.
Cryptography and Security
What problem does this paper attempt to address?
This paper addresses the problem of identifying smartphone apps and in-app actions through wireless traffic analysis in the open world. Existing traffic analysis attacks mainly target the TCP/IP layers or rely on the closed-world assumption, under which all possible apps and actions are included in model training. In the open world, the recognition accuracy of these methods drops sharply, because it is impossible to build fingerprints for every possible app. The paper therefore proposes MACPrint, a system that infers mobile apps and in-app actions from Wi-Fi MAC-layer traffic in an open-world setting, overcoming these limitations.

### Main problems:

1. **Differences between the closed world and the open world**: Existing methods perform well in the closed world, but in the open world they cannot cover all possible apps, so recognition accuracy drops significantly.
2. **Challenges of encrypted traffic**: Wireless traffic is usually encrypted, making it difficult to obtain information about apps and actions directly.
3. **Inefficiency of manual annotation**: Existing methods rely on manual annotation of traffic traces, which is slow and error-prone in practice.

### Solutions:

1. **MACPrint system**: Extracts statistical and contextual features from encrypted wireless traffic, then uses Temporal Convolutional Network (TCN) models with OpenMax functions to identify apps and actions.
2. **Automatic annotation tool**: An Android app named Label Recorder performs fine-grained sample annotation automatically, improving both the efficiency and the accuracy of labeling.
3. **Multi-level feature extraction**: A sliding-window technique extracts multi-level features from traffic traces to characterize different apps and actions.

### Experimental results:

- In the closed-world setting, MACPrint's recognition accuracy exceeds 96%, and its F1-score also exceeds 96%.
- In the open-world setting, MACPrint's recognition accuracy exceeds 86%, and its F1-score exceeds 85%.

Together, these components allow MACPrint to recognize apps and actions in the open world, and thereby to infer users' private information.
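
The sliding-window feature extraction mentioned above can be illustrated with a minimal sketch. The summary does not list the features MACPrint actually uses, so everything concrete here is an assumption made for illustration: the `Frame` record layout, the direction encoding, the five statistics, and the function names `window_features` and `sliding_windows`. It shows only the general idea of summarizing encrypted frames by size, timing, and direction, without touching payloads.

```python
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Hypothetical frame record (an assumption, not the paper's format):
# (timestamp in seconds, frame length in bytes, direction),
# where direction is +1 for uplink and -1 for downlink.
Frame = Tuple[float, int, int]


def window_features(frames: List[Frame]) -> Dict[str, float]:
    """Compute simple statistics for one non-empty window of frames."""
    sizes = [size for _, size, _ in frames]
    times = [t for t, _, _ in frames]
    # Inter-arrival gaps between consecutive frames in the window.
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    uplink = sum(1 for _, _, direction in frames if direction > 0)
    return {
        "count": float(len(frames)),
        "mean_size": mean(sizes),
        "std_size": pstdev(sizes),
        "mean_gap": mean(gaps) if gaps else 0.0,
        "uplink_ratio": uplink / len(frames),
    }


def sliding_windows(
    frames: List[Frame], width: float, step: float
) -> List[Dict[str, float]]:
    """Slide a time window [start, start + width) over the trace.

    Windows advance by `step` seconds; empty windows are skipped.
    """
    if not frames:
        return []
    ordered = sorted(frames)  # sort by timestamp
    start, end = ordered[0][0], ordered[-1][0]
    features = []
    while start <= end:
        chunk = [f for f in ordered if start <= f[0] < start + width]
        if chunk:
            features.append(window_features(chunk))
        start += step
    return features


if __name__ == "__main__":
    # Tiny synthetic trace, purely illustrative.
    trace = [(0.0, 100, 1), (0.5, 300, -1), (1.0, 200, 1), (1.5, 400, -1)]
    for row in sliding_windows(trace, width=1.0, step=0.5):
        print(row)
```

Overlapping windows (a step smaller than the width) yield a sequence of feature vectors per trace, which is the kind of input a sequence model such as a TCN consumes. The window width and step would need tuning against real traffic.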