Peel the onion: Recognition of Android apps behind the Tor Network

  title={Peel the onion: Recognition of Android apps behind the Tor Network},
  author={Emanuele Petagna and Giuseppe Laurenza and Claudio Ciccotelli and Leonardo Querzoni},
In this work we show that Tor is vulnerable to app deanonymization attacks on Android devices through network traffic analysis. [...] Key Result In our experiments we achieved an accuracy of 97%.Expand
FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
FlowPrint is proposed, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic that automatically finds temporal correlations among destination-related features of network traffic and uses these correlations to generate app fingerprints. Expand
How are your Apps Doing? QoE Inference and Analysis in Mobile Devices
Web browsing has become the most important application of the Internet for the end user. When it comes to mobile devices, web services are mainly accessed through apps. This paper tackles the problemExpand
WF-GAN: Fighting Back Against Website Fingerprinting Attack Using Adversarial Learning
This paper designs WF-GAN, a GAN with an additional WF classifier component, to generate adversarial examples for WFclassifiers through adversarial learning, which achieves over 90% targeted defense success rate when the target websites set is twice as many as the source website set. Expand


NetworkProfiler: Towards automatic fingerprinting of Android apps
A novel technique for automatically generating network profiles for identifying Android apps in the HTTP traffic and a novel UI fuzzing technique for running the app such that different execution paths are exercised, which is necessary to build a comprehensive network profile. Expand
AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic
This paper presents a novel methodology and a framework implementing it, called AppScanner, for the automatic fingerprinting and real-time identification of Android apps from their encrypted network traffic, and shows that this framework works even when HTTPS/TLS is employed. Expand
Can't You Hear Me Knocking: Identification of User Actions on Android Apps via Traffic Analysis
This paper investigates to which extent it is feasible to identify the specific actions that a user is doing on mobile apps, by eavesdropping their encrypted network traffic, and designs a system that achieves this goal by using advanced machine learning techniques. Expand
TorWard: Discovery of malicious traffic over Tor
To the best of the knowledge, this work is the first to perform malicious traffic categorization over Tor, and can avoid legal and administrative complaints and allows the investigation to be performed in a sensitive environment such as a university campus. Expand
Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic
It is demonstrated that a passive eavesdropper is capable of identifying finegrained user activities within the wireless network traffic generated by apps, based solely on inspecting IP headers. Expand
A Critical Evaluation of Website Fingerprinting Attacks
It is shown that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. Expand
Characterization of Tor Traffic using Time based Features
A time analysis on Tor traffic flows is presented, captured between the client and the entry node, to detect the application type: Browsing, Chat, Streaming, Mail, Voip, P2P or File Transfer. Expand
Who do you sync you are?: smartphone fingerprinting via application behaviour
By computing fingerprints from approx,6,hours of background traffic, it is shown that 15 minutes of monitored traffic suffice to reliably identify a smartphone based on its behavioural fingerprint with a success probability of 90%. Expand
Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting
This paper presents attacks that, with high confidence and based solely on throughput information, can reduce the attacker's uncertainty about the bottleneck relay of any Tor circuit whose throughput can be observed, and exactly identify the guard relay(s) of a Tor user when circuit throughput can been observed over multiple connections. Expand
On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records
This paper presents an active traffic analysis technique based on perturbing the characteristics of user traffic at the server side, and observing a similar perturbation at the client side through statistical correlation, and demonstrates the feasibility and effectiveness of traffic analysis attacks against Tor using NetFlow data. Expand