AppTwins: A new approach to identify app package in network traffic

The smartphone applications have taken place of the web browser and became the user's primary internet entrance. One application's popularity can be measured by its downloading times, and it is valuable for commercial advertising. Identifying app installation packages from network traffic is one of the most feasible approaches to collect these data. But asymmetric routing, incomplete capture and so on make it challenging to determine app's name at large scale in network traffic. With these constraints, we proposed AppTwins, an efficient, robust and automatical approach which has the ability to determine corrupted package's name. The identification consists of three distinct steps. Step 1, identify app packages with a stream fuzzy hash fingerprint database in live network traffic. Step 2, the unprecedented ones were captured and decompiled to acquire new app's name, a fingerprint was also calculated. Step3, update the database with new app's name and fingerprint. AppTwins achieves up a recall rate of 97.63% and a precision rate of 96.44% when app packages are almost complete. Furthermore, It can also identify incomplete app packages in the real traffic where there are no name or URL.

[1]  Eric Yawei Chen,et al.  App isolation: get the security of multiple browsers with just one , 2011, CCS '11.

[2]  Dawn Xiaodong Song,et al.  NetworkProfiler: Towards automatic fingerprinting of Android apps , 2013, 2013 Proceedings IEEE INFOCOM.

[3]  James Won-Ki Hong,et al.  Automated classifier generation for application-level mobile traffic identification , 2012, 2012 IEEE Network Operations and Management Symposium.

[4]  Qiang Xu,et al.  Identifying diverse usage behaviors of smartphone apps , 2011, IMC '11.

[5]  Jesse D. Kornblum Identifying almost identical files using context triggered piecewise hashing , 2006, Digit. Investig..

[6]  Yong Liao,et al.  AppPrint: Automatic Fingerprinting of Mobile Applications in Network Traffic , 2015, PAM.

[7]  William Enck,et al.  AppsPlayground: automatic security analysis of smartphone applications , 2013, CODASPY.

[8]  Olga Gadyatskaya,et al.  FSquaDRA: Fast Detection of Repackaged Applications , 2014, DBSec.

[9]  Kangbin Yim,et al.  Analysis on Maliciousness for Mobile Applications , 2012, 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[10]  John C. S. Lui,et al.  Droid Analytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.