Eavesdropping Mobile Apps and Actions through Wireless Traffic in the Open World

TL;DR

This paper introduces MACPrint, a system that accurately infers mobile apps and actions from encrypted WiFi MAC layer traffic in open-world scenarios, overcoming limitations of previous TCP/IP-based methods.

Contribution

MACPrint is the first system to perform open-world app and action recognition using WiFi MAC layer traffic, with novel feature extraction and labeling techniques.

Findings

Achieves over 96% accuracy in closed-world scenarios.

Achieves over 86% accuracy in open-world scenarios.

Demonstrates effectiveness with 125 hours of collected data from 40+ apps.

Abstract

While smartphones and WiFi networks are bringing many positive changes to people's lives, they are susceptible to traffic analysis attacks, which infer user's private information from encrypted traffic. Existing traffic analysis attacks mainly target TCP/IP layers or are limited to the closed-world assumption, where all possible apps and actions have been involved in the model training. To overcome these limitations, we propose MACPrint, a novel system that infers mobile apps and in-app actions based on WiFi MAC layer traffic in the open-world setting. MACPrint first extracts rich statistical and contextual features of encrypted wireless traffic. Then, we develop Label Recorder, an automatic traffic labeling app, to improve labeling accuracy in the training phase. Finally, TCN models with OpenMax functions are used to recognize mobile apps and actions in the open world accurately. To evaluate our system, we collect MAC layer traffic data over 125 hours from more than 40 apps. The experimental results show that MAC-Print can achieve an accuracy of over 96% for recognizing apps and actions in the closed-world setting, and obtains an accuracy of over 86% in the open-world setting.