Enmob: Unveil the behavior with multi-flow analysis of encrypted app traffic

Author

Mengmeng GE
Ruitao FENG, Singapore Management UniversityFollow
Likun LIU
Xiangzhan YU
Sachidananda VINAY
Xiaofei XIE, Singapore Management UniversityFollow
Yang LIU

Publication Type

Journal Article

Version

publishedVersion

Publication Date

4-2025

Abstract

In the contemporary digital landscape, mobile applications have become the predominant conduit for internet connectivity and daily tasks. Simultaneously, the advent of application encryption technology has safeguarded users’ privacy. However, this encryption, while fortifying privacy, introduces challenges to security by hindering the effective management of network applications within encrypted data streams. Conventional detection methods for encrypted application traffic, relying heavily on statistical metrics like payload, packet size, and distribution, are constrained to single traffic flows, often yielding results of limited specificity. To address this limitation, our paper introduces an innovative approach that elucidates the multi-flow nature of application behavior traffic and provides context to encrypted application traffic. This method offers a more nuanced and comprehensive perspective for understanding and representing network traffic, even when encrypted. The efficacy of our approach was evaluated using a substantial volume of real network traffic data. Results indicate that our method achieves an average accuracy of 0.958 in identifying application behavior traffic and 0.955 in classifying application traffic. These outcomes signify a substantial enhancement over single network flow-based detection methods, demonstrating a notable 5.3% improvement.

Keywords

Behavior Traffic Classification, Encryption traffic, Traffic analysis

Discipline

Databases and Information Systems | Information Security

Research Areas

Cybersecurity

Publication

Cybersecurity

Volume

8

Issue

1

First Page

1

Last Page

17

ISSN

2523-3246

Identifier

10.1186/s42400-024-00301-0

Publisher

SpringerOpen

Citation

GE, Mengmeng; FENG, Ruitao; LIU, Likun; YU, Xiangzhan; VINAY, Sachidananda; XIE, Xiaofei; and LIU, Yang. Enmob: Unveil the behavior with multi-flow analysis of encrypted app traffic. (2025). Cybersecurity. 8, (1), 1-17.
Available at: https://ink.library.smu.edu.sg/sis_research/10153

Copyright Owner and License

Author-CC-BY

Creative Commons License

This work is licensed under a Creative Commons Attribution 3.0 License.

Additional URL

https://doi.org/10.1186/s42400-024-00301-0