{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T19:04:16Z","timestamp":1772910256833,"version":"3.50.1"},"reference-count":122,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T00:00:00Z","timestamp":1645747200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T00:00:00Z","timestamp":1645747200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100001849","name":"Defence Research and Development Organisation","doi-asserted-by":"publisher","award":["CARS-46"],"award-info":[{"award-number":["CARS-46"]}],"id":[{"id":"10.13039\/501100001849","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,8]]},"DOI":"10.1007\/s10207-022-00581-y","type":"journal-article","created":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T13:02:47Z","timestamp":1645794167000},"page":"873-915","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["A survey on analyzing encrypted network traffic of mobile devices"],"prefix":"10.1007","volume":"21","author":[{"given":"Ankit","family":"Agrawal","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3576-0275","authenticated-orcid":false,"given":"Ashutosh","family":"Bhatia","sequence":"additional","affiliation":[]},{"given":"Ayush","family":"Bahuguna","sequence":"additional","affiliation":[]},{"given":"Kamlesh","family":"Tiwari","sequence":"additional","affiliation":[]},{"given":"K.","family":"Haribabu","sequence":"additional","affiliation":[]},{"given":"Deepak","family":"Vishwakarma","sequence":"additional","affiliation":[]},{"given":"Rekha","family":"Kaushik","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,2,25]]},"reference":[{"key":"581_CR1","unstructured":"May 2020 Mobile User Statistics: Discover the Number of Phones in The World & Smartphone Penetration by Country or Region. https:\/\/www.bankmycell.com\/blog\/how-many- phones-are-in-the-world. Accessed 05 May 2020"},{"key":"581_CR2","unstructured":"Percentage of mobile device website traffic worldwide from 1st quarter 2015 to 1st quarter 2021, https:\/\/www.statista.com\/statistics\/277125\/share-of-website-traffic-coming-from-mobile-devices\/. Accessed 12 Dec 2021"},{"key":"581_CR3","unstructured":"Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2017\u20132022 White Paper, https:\/\/s3.amazonaws.com\/media.mediapost.com\/uploads\/CiscoForecast.pdf. Accessed 12 Dec 2021"},{"key":"581_CR4","unstructured":"C.\u00a0Systems, Mobile Data Traffic Outlook - Mobility Report. https:\/\/www.ericsson.com\/en\/mobility-report\/reports\/june-2019\/mobile-data-traffic-outlook. Accessed 15 Nov 2019"},{"key":"581_CR5","unstructured":"Cisco Visual Networking Index: Global - 2021 Forecast Highlights. https:\/\/www.cisco.com\/c\/dam\/m\/en_us\/solutions\/service-provider\/vni-forecast-highlights\/pdf\/Global_2021_Forecast_Highlights.pdf. Accessed 12 Dec 2021"},{"key":"581_CR6","unstructured":"Most popular mobile messaging apps worldwide as of October 2021, based on number of monthly active users, https:\/\/www.statista.com\/statistics\/258749\/most-popular-global-mobile-messenger-apps\/. Accessed 12 Dec 2021"},{"key":"581_CR7","unstructured":"Wireshark. Accessed 2 Feb 2019. https:\/\/www.wireshark.org"},{"key":"581_CR8","unstructured":"eMule-Project.net - Official eMule Homepage. Downloads, Help, Docu, News... [Online]. https:\/\/www.emule-project.net\/home\/perl\/general.cgi?l=1. Accessed 21 Aug 2019"},{"key":"581_CR9","unstructured":"BitTorrent|The World\u2019s Most Popular Torrent Client.\u201d [Online]. https:\/\/www.bittorrent.com\/. Accessed 21 Aug 2019"},{"key":"581_CR10","unstructured":"Traffic shaping - Wikipedia. [Online]. https:\/\/en.wikipedia.org\/wiki\/Traffic_shaping. Accessed 23 Jun 2021"},{"key":"581_CR11","unstructured":"Obfuscating BitTorrent - Bram Cohen\u2019s Journal - LiveJournal. [Online]. https:\/\/bramcohen.livejournal.com\/29886.html. Accessed 25 Aug 2019"},{"key":"581_CR12","unstructured":"Why Encrypting BitTorrent Traffic Is Bad|WIRED. [Online]. https:\/\/www.wired.com\/2006\/12\/why-encrypting-bittorrent-traffic-is-bad\/. Accessed 25 Aug 2019"},{"key":"581_CR13","unstructured":"Gai, S., McCloghrie, K., Mohaban, S.: Method and apparatus for identifying network data traffic flows and for applying quality of service treatments to the flows. uS Patent 6,651,101 (Nov 18 2003)"},{"key":"581_CR14","unstructured":"S.\u00a0CAIDA, Transport layer identification of p2p traffic"},{"issue":"2","key":"581_CR15","doi-asserted-by":"publisher","first-page":"1135","DOI":"10.1109\/SURV.2013.100613.00161","volume":"16","author":"M Finsterbusch","year":"2014","unstructured":"Finsterbusch, M., Richter, C., Rocha, E., Muller, J., Hanssgen, K.: A survey of payload-based traffic classification approaches. IEEE Commun. Surv. Tutor. 16(2), 1135\u20131156 (2014). https:\/\/doi.org\/10.1109\/SURV.2013.100613.00161","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"5","key":"581_CR16","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1002\/nem.1901","volume":"25","author":"P Velan","year":"2015","unstructured":"Velan, P., \u010cerm\u00e1k, M., \u010celeda, P., Dra\u0161ar, M.: A survey of methods for encrypted traffic classification and analysis. Int. J. Netw. Manag. 25(5), 355\u2013374 (2015)","journal-title":"Int. J. Netw. Manag."},{"key":"581_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2019.106944","volume":"165","author":"G Aceto","year":"2019","unstructured":"Aceto, G., Ciuonzo, D., Montieri, A., Pescap\u00e8, A.: Mimetic: mobile encrypted traffic classification using multimodal deep learning. Comput. Netw. 165, 106944 (2019)","journal-title":"Comput. Netw."},{"key":"581_CR18","doi-asserted-by":"crossref","unstructured":"Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, i still see you: why efficient traffic analysis countermeasures fail. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 332\u2013346. IEEE (2012)","DOI":"10.1109\/SP.2012.28"},{"key":"581_CR19","unstructured":"Luo, X., Zhou, P., Chan, E.W., Lee, W., Chang, R.K., Perdisci, R.: Httpos: sealing information leaks with browser-side obfuscation of encrypted flows. In: NDSS, vol.\u00a011. Citeseer (2011)"},{"key":"581_CR20","unstructured":"Wright, C.V., Coull, S.E., Monrose, F.: Traffic morphing: an efficient defense against statistical traffic analysis. In: NDSS, vol.\u00a09. Citeseer (2009)"},{"issue":"1","key":"581_CR21","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/TIFS.2015.2478741","volume":"11","author":"M Conti","year":"2016","unstructured":"Conti, M., Mancini, L.V., Spolaor, R., Verde, N.V.: Analyzing android encrypted network traffic to identify user actions. IEEE Trans. Inf. Forensics Security 11(1), 114\u2013125 (2016)","journal-title":"IEEE Trans. Inf. Forensics Security"},{"key":"581_CR22","doi-asserted-by":"crossref","unstructured":"Cao, Z., Xiong, G., Zhao, Y., Li, Z., Guo, L.: A survey on encrypted traffic classification. In: International Conference on Applications and Techniques in Information Security, pp. 73\u201381. Springer (2014)","DOI":"10.1007\/978-3-662-45670-5_8"},{"issue":"6","key":"581_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1140\/epjb\/e2015-60106-6","volume":"88","author":"J Saram\u00e4ki","year":"2015","unstructured":"Saram\u00e4ki, J., Moro, E.: From seconds to months: an overview of multi-scale dynamics of mobile telephone calls. Eur. Phys. J. B 88(6), 1\u201310 (2015)","journal-title":"Eur. Phys. J. B"},{"issue":"1","key":"581_CR24","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1140\/epjds\/s13688-015-0046-0","volume":"4","author":"VD Blondel","year":"2015","unstructured":"Blondel, V.D., Decuyper, A., Krings, G.: A survey of results on mobile phone datasets analysis. EPJ Data Sci. 4(1), 10 (2015)","journal-title":"EPJ Data Sci."},{"issue":"1","key":"581_CR25","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1109\/COMST.2015.2491361","volume":"18","author":"D Naboulsi","year":"2015","unstructured":"Naboulsi, D., Fiore, M., Ribot, S., Stanica, R.: Large-scale mobile traffic analysis: a survey. IEEE Commun. Surv. Tutor. 18(1), 124\u2013161 (2015)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"581_CR26","doi-asserted-by":"crossref","unstructured":"Kumar, S., Indu, S., Walia, G.S.: Smartphone traffic analysis: a contemporary survey of the state-of-the-art. In: Proceedings of the 6th International Conference on Mathematics and Computing, pp. 325\u2013343. Springer, Singapore (2021)","DOI":"10.1007\/978-981-15-8061-1_26"},{"key":"581_CR27","doi-asserted-by":"publisher","first-page":"54024","DOI":"10.1109\/ACCESS.2019.2912896","volume":"7","author":"P Wang","year":"2019","unstructured":"Wang, P., Chen, X., Ye, F., Sun, Z.: A survey of techniques for mobile service encrypted traffic classification using deep learning. IEEE Access 7, 54024\u201354033 (2019)","journal-title":"IEEE Access"},{"issue":"2","key":"581_CR28","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1109\/TNSM.2019.2899085","volume":"16","author":"G Aceto","year":"2019","unstructured":"Aceto, G., Ciuonzo, D., Montieri, A., Pescap\u00e9, A.: Mobile encrypted traffic classification using deep learning: Experimental evaluation, lessons learned, and challenges. IEEE Trans. Netw. Serv. Manag. 16(2), 445\u2013458 (2019)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"581_CR29","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1016\/j.neucom.2020.05.036","volume":"409","author":"G Aceto","year":"2020","unstructured":"Aceto, G., Ciuonzo, D., Montieri, A., Pescap\u00e9, A.: Toward effective mobile encrypted traffic classification through deep learning. Neurocomputing 409, 306\u2013315 (2020)","journal-title":"Neurocomputing"},{"key":"581_CR30","doi-asserted-by":"crossref","unstructured":"Conti, M., Li, Qian Q., Maragno, A., Spolaor, R.: The dark side (-channel) of mobile devices: a survey on network traffic analysis. IEEE Commun. Surv. Tutor. 20(4):2658-2713 (2018)","DOI":"10.1109\/COMST.2018.2843533"},{"key":"581_CR31","volume-title":"QUIC: a UDP-Based Multiplexed and Secure Transport; draft-ietf-quic-transport-24","author":"J Iyengar","year":"2019","unstructured":"Iyengar, J., Thomson, M.: QUIC: a UDP-Based Multiplexed and Secure Transport; draft-ietf-quic-transport-24. Newark, DE, USA, Internet Engineering Task Force (2019)"},{"key":"581_CR32","doi-asserted-by":"crossref","unstructured":"Gember, A., Anand, A., Akella, A.: A comparative study of handheld and non-handheld traffic in campus wi-fi networks. In: International Conference on Passive and Active Network Measurement, Springer, pp. 173\u2013183 (2011)","DOI":"10.1007\/978-3-642-19260-9_18"},{"key":"581_CR33","doi-asserted-by":"crossref","unstructured":"Kakhki, A.M., Jero, S., Choffnes, D., Nita-Rotaru, C., Mislove, A.: Taking a long look at QUIC: an approach for rigorous evaluation of rapidly evolving transport protocols. In: Proceedings of the 2017 Internet Measurement Conference, pp. 290\u2013303 (2017)","DOI":"10.1145\/3131365.3131368"},{"key":"581_CR34","doi-asserted-by":"crossref","unstructured":"Diego, M., Torrealba, L., Madariaga, J., Berm\u00fadez, J., Bustos-Jim\u00e9nez, J.: Analyzing the adoption of QUIC from a mobile development perspective. In: Proceedings of the Workshop on the Evolution, Performance, and Interoperability of QUIC, pp. 35\u201341 (2020)","DOI":"10.1145\/3405796.3405830"},{"key":"581_CR35","doi-asserted-by":"crossref","unstructured":"Maier, G., Schneider, F., Feldmann, A.: A first look at mobile hand-held device traffic. In: International Conference on Passive and Active Network Measurement. Springer, pp. 161\u2013170 (2010)","DOI":"10.1007\/978-3-642-12334-4_17"},{"key":"581_CR36","doi-asserted-by":"crossref","unstructured":"Lee, S.-W., Park, J.-S., Lee, H.-S., Kim, M.-S.: A study on smart-phone traffic analysis. In: 13th Asia-Pacific Network Operations and Management Symposium, vol. 2011, pp. 1\u20137. IEEE (2011)","DOI":"10.1109\/APNOMS.2011.6077033"},{"issue":"5","key":"581_CR37","doi-asserted-by":"publisher","first-page":"1359","DOI":"10.1109\/TNET.2010.2040087","volume":"18","author":"M Afanasyev","year":"2010","unstructured":"Afanasyev, M., Chen, T., Voelker, G.M., Snoeren, A.C.: Usage patterns in an urban wifi network. IEEE\/ACM Trans. Network. 18(5), 1359\u20131372 (2010)","journal-title":"IEEE\/ACM Trans. Network."},{"key":"581_CR38","unstructured":"Rezaei, S., Liu, X.: Deep learning for encrypted traffic classification: an overview. CoRR arXiv:1810.07906"},{"key":"581_CR39","doi-asserted-by":"crossref","unstructured":"Kausar, F., Aljumah, S., Alzaydi, S., Alroba, R.: Traffic analysis attack for identifying user\u2019s online activities. IT Professional 21(2), 50\u201357 (2019)","DOI":"10.1109\/MITP.2018.2876988"},{"issue":"21","key":"581_CR40","doi-asserted-by":"publisher","first-page":"29731","DOI":"10.1007\/s11042-018-6217-9","volume":"78","author":"AGS Trujillo","year":"2019","unstructured":"Trujillo, A.G.S., Orozco, A.L.S., Villalba, L.J.G., Kim, T.-H.: A traffic analysis attack to compute social network measures. Mult. Tools Appl. 78(21), 29731\u201329745 (2019)","journal-title":"Mult. Tools Appl."},{"key":"581_CR41","unstructured":"Bahramali, A., Soltani, R., Houmansadr, A., Goeckel, D., Towsley, D.: Practical traffic analysis attacks on secure messaging applications, arXiv preprint arXiv:2005.00508"},{"key":"581_CR42","doi-asserted-by":"crossref","unstructured":"Ruffing, N., Zhu, Y., Libertini, R., Guan, Y., Bettati, R.: Smartphone reconnaissance: Operating system identification. In: 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), vol. 2016, pp. 1086\u20131091. IEEE (2016)","DOI":"10.1109\/CCNC.2016.7444941"},{"key":"581_CR43","unstructured":"Stevens, R., Gibler, C., Crussell, J., Erickson, J., Chen, H.: Investigating user privacy in android ad libraries. In: Workshop on Mobile Security Technologies (MoST), vol.\u00a010. Citeseer (2012)"},{"key":"581_CR44","doi-asserted-by":"crossref","unstructured":"Guan, J., Yao, S., Xu, C., Zhang, H.: Design and implementation of network user behaviors analysis based on hadoop for big data. In: International Conference on Applications and Techniques in Information Security, pp. 44\u201355. Springer (2014)","DOI":"10.1007\/978-3-662-45670-5_5"},{"key":"581_CR45","doi-asserted-by":"crossref","unstructured":"Naik, M., Bhatia, A., Tiwari, K.: I know who you are: a learning framework to profile smartphone users. In: 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS), pp. 555\u2013558. IEEE (2020)","DOI":"10.1109\/COMSNETS48256.2020.9027343"},{"key":"581_CR46","unstructured":"Niu, L.B.G.L.W., Warren, M.: Applications and techniques in information security"},{"key":"581_CR47","doi-asserted-by":"crossref","unstructured":"Chen, Z., Tao, Y., Li, G.: A method for detecting trojan based on hidden network traffic analysis. In: International Conference on Applications and Techniques in Information Security, pp. 65\u201372. Springer (2014)","DOI":"10.1007\/978-3-662-45670-5_7"},{"key":"581_CR48","unstructured":"Martin, T., Turner, S.: Using TLS to Secure QUIC-draft-ietf-quic-tls-29. 50 (2020)"},{"issue":"1","key":"581_CR49","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1186\/s13635-016-0030-7","volume":"2016","author":"M Hus\u00e1k","year":"2016","unstructured":"Hus\u00e1k, M., \u010cerm\u00e1k, M., Jirs\u00edk, T., \u010celeda, P.: Https traffic analysis and client identification using passive ssl\/tls fingerprinting. EURASIP J. Inf. Secur. 2016(1), 6 (2016)","journal-title":"EURASIP J. Inf. Secur."},{"key":"581_CR50","doi-asserted-by":"crossref","unstructured":"Holz, R., Braun, L., Kammenhuber, N., Carle, G.: The ssl landscape: a thorough analysis of the x. 509 pki using active and passive measurements. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 427\u2013444 (2011)","DOI":"10.1145\/2068816.2068856"},{"key":"581_CR51","unstructured":"ipoque GmbH, PACE 2.0 Web Page, https:\/\/www.ipoque.com\/products\/dpi-engine-rsrpace -2. Accessed 27 Dec 2018"},{"key":"581_CR52","unstructured":"C.\u00a0Systems, Network Based Application Recognition (NBAR). http:\/\/www.cisco.com\/c\/en\/us\/products\/ios-nx-os-software\/network-based-application-recognition-nbar. Accessed 27 Dec 2018"},{"key":"581_CR53","doi-asserted-by":"crossref","unstructured":"Deri, L., Martinelli, M., Bujlow, T., Cardigliano, A.: ndpi: open-source high-speed deep packet inspection. In: Wireless Communications and Mobile Computing Conference (IWCMC), International, IEEE, 2014, pp. 617\u2013622 (2014)","DOI":"10.1109\/IWCMC.2014.6906427"},{"key":"581_CR54","doi-asserted-by":"crossref","unstructured":"Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: Blindbox: deep packet inspection over encrypted traffic. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 213\u2013226 (2015)","DOI":"10.1145\/2785956.2787502"},{"issue":"3","key":"581_CR55","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2013.66","volume":"11","author":"B Krishnamurthy","year":"2013","unstructured":"Krishnamurthy, B.: Privacy and online social networks: Can colorless green ideas sleep furiously? IEEE Secur Privacy 11(3), 14\u201320 (2013)","journal-title":"IEEE Secur Privacy"},{"key":"581_CR56","doi-asserted-by":"crossref","unstructured":"Papadogiannaki, E., Halevidis, C., Akritidis, P., Koromilas, L.: Otter: A scalable high-resolution encrypted traffic identification engine. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 315\u2013334. Springer, Cham (2018, September)","DOI":"10.1007\/978-3-030-00470-5_15"},{"key":"581_CR57","unstructured":"Hammad, M.M., Shafiq, Z.: Real-time video quality of experience monitoring for https and quic. In: IEEE INFOCOM 2018-IEEE Conference on Computer Communications, pp. 1331\u20131339. IEEE (2018)"},{"key":"581_CR58","doi-asserted-by":"crossref","unstructured":"Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na\u00efve-bayes classifier. In: Proceedings of the 2009 ACM workshop on Cloud computing security, pp. 31\u201342 (2009)","DOI":"10.1145\/1655008.1655013"},{"key":"581_CR59","doi-asserted-by":"crossref","unstructured":"Cai, X., Nithyanand, R., Wang, T., Johnson, R., Goldberg, I.: A systematic approach to developing and evaluating website fingerprinting defenses. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 227\u2013238 (2014)","DOI":"10.1145\/2660267.2660362"},{"key":"581_CR60","doi-asserted-by":"crossref","unstructured":"Gonzalez, R., Soriente, C., Laoutaris, N.: User profiling in the time of https. In: Proceedings of the 2016 Internet Measurement Conference, pp. 373\u2013379 (2016, November)","DOI":"10.1145\/2987443.2987451"},{"key":"581_CR61","unstructured":"Song, D.X., Wagner, D.A., Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: USENIX Security Symposium, vol. 2001 (2001)"},{"issue":"2","key":"581_CR62","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2636242.2636244","volume":"18","author":"S Seneviratne","year":"2014","unstructured":"Seneviratne, S., Seneviratne, A., Mohapatra, P., Mahanti, A.: Predicting user traits from a snapshot of apps installed on a smartphone. SIGMOBILE Mob. Comput. Commun. Rev. 18(2), 1\u20138 (2014). https:\/\/doi.org\/10.1145\/2636242.2636244","journal-title":"SIGMOBILE Mob. Comput. Commun. Rev."},{"key":"581_CR63","unstructured":"MonkeyRunner, https:\/\/developer.android.com\/studio\/ test\/monkeyrunner\/. Accessed 1 Jan 2019"},{"key":"581_CR64","doi-asserted-by":"crossref","unstructured":"Machiry, A., Tahiliani, R., Naik, M.: Dynodroid: An input generation system for android apps. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, ACM, pp. 224\u2013234 (2013)","DOI":"10.1145\/2491411.2491450"},{"key":"581_CR65","unstructured":"tPacketCapture. Accessed 1 Jan 2019"},{"key":"581_CR66","unstructured":"Tcpdump. https:\/\/www.tcpdump.org\/. Accessed 1 Jan 2019"},{"key":"581_CR67","unstructured":"tinyproxy. https:\/\/tinyproxy.github.io\/. Accessed 1 Jan 2019"},{"key":"581_CR68","doi-asserted-by":"publisher","unstructured":"Liu, Z., Wang, R.: Mobilegt: a system to collect mobile traffic trace and build the ground truth. In: 2016 26th International Telecommunication Networks and Applications Conference (ITNAC), 2016, pp. 142\u2013144. https:\/\/doi.org\/10.1109\/ATNAC.2016.7878798","DOI":"10.1109\/ATNAC.2016.7878798"},{"issue":"6","key":"581_CR69","doi-asserted-by":"publisher","first-page":"1289","DOI":"10.1109\/TMC.2017.2762692","volume":"17","author":"R Spolaor","year":"2018","unstructured":"Spolaor, R., Santo, E.D., Conti, M.: Delta: data extraction and logging tool for android. IEEE Trans. Mobile Comput. 17(6), 1289\u20131302 (2018)","journal-title":"IEEE Trans. Mobile Comput."},{"key":"581_CR70","volume-title":"A tool for monitoring usage in smartphone research deployments, mobiarch\u201911, bethesda, maryland","author":"H Falaki","year":"2011","unstructured":"Falaki, H., Mahajan, R., Estrin, D.: A tool for monitoring usage in smartphone research deployments, mobiarch\u201911, bethesda, maryland, usa ACM, New York (2011)","edition":"usa"},{"key":"581_CR71","doi-asserted-by":"crossref","unstructured":"Nandugudi, A., Maiti, A., Ki, T., Bulut, M.\u00a0F., Demirbas, M., Kosar, T., Qiao, C., Ko, S.\u00a0Y., Challen, G.: Phonelab: a large programmable smartphone testbed. In: SENSEMINE@SenSys (2013)","DOI":"10.1145\/2536714.2536718"},{"key":"581_CR72","doi-asserted-by":"publisher","unstructured":"Li, L., Zhao, Y., Jiang, D., Zhang, Y., Wang, F., Gonzalez, I., Valentin, E., Sahli, H.: Hybrid deep neural network-hidden markov model (dnn-hmm) based speech emotion recognition. In: Humaine Association Conference on Affective Computing and Intelligent Interaction, vol. 2013, pp. 312\u2013317 (2013). https:\/\/doi.org\/10.1109\/ACII.2013.58","DOI":"10.1109\/ACII.2013.58"},{"key":"581_CR73","unstructured":"Szegedy, C., Vanhoucke, V., Ioffe, S., Shlens, J., Wojna, Z.: Rethinking the inception architecture for computer vision. CoRR arXiv:1512.00567"},{"key":"581_CR74","unstructured":"van\u00a0den Oord, A., Dieleman, S., Zen, H., Simonyan, K., Vinyals, O., Graves, A., Kalchbrenner, N., Senior, A.\u00a0W., Kavukcuoglu, K.: Wavenet: a generative model for raw audio. CoRR arXiv:1609.03499"},{"key":"581_CR75","doi-asserted-by":"crossref","unstructured":"Hinton, G.E.: A practical guide to training restricted Boltzmann machines, pp. 599\u2013619. Springer, Berlin (2012)","DOI":"10.1007\/978-3-642-35289-8_32"},{"issue":"1","key":"581_CR76","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1109\/COMST.2017.2779824","volume":"20","author":"R Spreitzer","year":"2018","unstructured":"Spreitzer, R., Moonsamy, V., Korak, T., Mangard, S.: Systematic classification of side-channel attacks: a case study for mobile devices. IEEE Commun. Surv. Tutor. 20(1), 465\u2013488 (2018). https:\/\/doi.org\/10.1109\/COMST.2017.2779824","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"1","key":"581_CR77","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/s10115-006-0027-5","volume":"12","author":"H Koga","year":"2007","unstructured":"Koga, H., Ishibashi, T., Watanabe, T.: Fast agglomerative hierarchical clustering algorithm using locality-sensitive hashing. Knowl. Inf. Syst. 12(1), 25\u201353 (2007). https:\/\/doi.org\/10.1007\/s10115-006-0027-5","journal-title":"Knowl. Inf. Syst."},{"key":"581_CR78","doi-asserted-by":"publisher","unstructured":"Conti, M., Mancini, L.V., Spolaor, R., Verde, N.V.: Can\u2019t you hear me knocking: identification of user actions on android apps via traffic analysis. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY\u201915, ACM, New York, NY, USA, 2015, pp. 297\u2013304. https:\/\/doi.org\/10.1145\/2699026.2699119","DOI":"10.1145\/2699026.2699119"},{"key":"581_CR79","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-319-31875-2_21","volume-title":"Information Security Applications","author":"K Park","year":"2016","unstructured":"Park, K., Kim, H.: Encryption is not enough: Inferring user activities on kakaotalk with traffic analysis. In: Kim, H.-W., Choi, D. (eds.) Information Security Applications, pp. 254\u2013265. Springer, Cham (2016)"},{"key":"581_CR80","unstructured":"Moore, A., Zuev D.: Discriminators for use in flow-based classification"},{"key":"581_CR81","unstructured":"Al-Naymat, G., Alkasassbeh, M., Abu-Samhadanh, N., Sakr, S.: Classification of voip and non-voip traffic using machine learning approaches. J. Theor. Appl. Inf. Technol. 3192"},{"key":"581_CR82","unstructured":"Al-Naymat, G., Al-Kasassbeh, M., Abu-Samhadanh, N., Sakr, S.: Classification of voip and non-voip traffic using machine learning approaches. J. Theor. Appl. Inf. Technol"},{"key":"581_CR83","doi-asserted-by":"publisher","unstructured":"Zhang, F., He, W., Liu, X., Bridges, P.G.: Inferring users\u2019 online activities through traffic analysis. In: Proceedings of the Fourth ACM Conference on Wireless Network Security, WiSec\u201911, ACM, New York, NY, USA, 2011, pp. 59\u201370. https:\/\/doi.org\/10.1145\/1998412.1998425","DOI":"10.1145\/1998412.1998425"},{"issue":"1","key":"581_CR84","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1109\/TNN.2006.883010","volume":"18","author":"T Auld","year":"2007","unstructured":"Auld, T., Moore, A.W., Gull, S.F.: Bayesian neural networks for internet traffic classification. IEEE Trans. Neural Netw. 18(1), 223\u2013239 (2007). https:\/\/doi.org\/10.1109\/TNN.2006.883010","journal-title":"IEEE Trans. Neural Netw."},{"key":"581_CR85","doi-asserted-by":"publisher","first-page":"18042","DOI":"10.1109\/ACCESS.2017.2747560","volume":"5","author":"M Lopez-Martin","year":"2017","unstructured":"Lopez-Martin, M., Carro, B., Sanchez-Esguevillas, A.J., Lloret, J.R.: Network traffic classifier with convolutional and recurrent neural networks for internet of things. IEEE Access 5, 18042\u201318050 (2017)","journal-title":"IEEE Access"},{"key":"581_CR86","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/978-3-642-13193-6_32","volume-title":"Experimental Algorithms","author":"R Bar Yanai","year":"2010","unstructured":"Bar Yanai, R., Langberg, M., Peleg, D., Roditty, L.: Realtime classification for encrypted traffic. In: Festa, P. (ed.) Experimental Algorithms, pp. 373\u2013385. Springer, Berlin (2010)"},{"key":"581_CR87","unstructured":"Endace, accessed: 2 Feb 2019. https:\/\/www.endace.com"},{"key":"581_CR88","doi-asserted-by":"publisher","unstructured":"Park, J., Tyan, H., Kuo, C.J.: Ga-based internet traffic classification technique for qos provisioning. In: International Conference on Intelligent Information Hiding and Multimedia, vol. 2006, pp. 251\u2013254 (2006). https:\/\/doi.org\/10.1109\/IIH-MSP.2006.264991","DOI":"10.1109\/IIH-MSP.2006.264991"},{"key":"581_CR89","unstructured":"Lotfollahi, M., Zade, R.S.H., Siavoshani, M.J., Saberian, M.: Deep packet: a novel approach for encrypted traffic classification using deep learning. CoRR arXiv:1709.02656"},{"key":"581_CR90","doi-asserted-by":"publisher","DOI":"10.5220\/0005740704070414","author":"AH Lashkari","year":"2016","unstructured":"Lashkari, A.H., Gil, G.D., Mamun, M., Ghorbani, A.: Characterization of encrypted and vpn traffic using time-related features (2016). https:\/\/doi.org\/10.5220\/0005740704070414","journal-title":"Characterization of encrypted and vpn traffic using time-related features"},{"key":"581_CR91","doi-asserted-by":"crossref","unstructured":"Yao, H., Ranjan, G., Tongaonkar, A., Liao, Y., Mao, Z.M.: Samples: self adaptive mining of persistent lexical snippets for classifying mobile application traffic. In: Proceedings of the 21st Annual International Conference on Mobile Computing and Networking, ACM, pp. 439\u2013451 (2015)","DOI":"10.1145\/2789168.2790097"},{"key":"581_CR92","doi-asserted-by":"crossref","unstructured":"Rao, A., Kakhki, A.M., Razaghpanah, A., Tang, A., Wang, S.Y., Sherry, J., Gill, P., Krishnamurthy, A., Legout, A., Mislove, A., Choffnes, D.: Using the middle to meddle with mobile (2013)","DOI":"10.1145\/2413247.2413286"},{"key":"581_CR93","doi-asserted-by":"crossref","unstructured":"Spreitzer, R., Griesmayr, S., Korak, T., Mangard, S.: Exploiting data-usage statistics for website fingerprinting attacks on android. In: WISEC (2016)","DOI":"10.1145\/2939918.2939922"},{"key":"581_CR94","doi-asserted-by":"publisher","unstructured":"Qazi, Z.\u00a0A., Lee, J., Jin, T., Bellala, G., Arndt, M., Noubir, G.: Application-awareness in sdn. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, SIGCOMM\u201913, ACM, New York, NY, USA, 2013, pp. 487\u2013488. https:\/\/doi.org\/10.1145\/2486001.2491700","DOI":"10.1145\/2486001.2491700"},{"issue":"1","key":"581_CR95","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1109\/TIFS.2017.2737970","volume":"13","author":"VF Taylor","year":"2018","unstructured":"Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. Forensics Secur. 13(1), 63\u201378 (2018). https:\/\/doi.org\/10.1109\/TIFS.2017.2737970","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"581_CR96","doi-asserted-by":"publisher","unstructured":"Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Appscanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In: IEEE European Symposium on Security and Privacy (EuroS P), vol. 2016, pp. 439\u2013454 (2016). https:\/\/doi.org\/10.1109\/EuroSP.2016.40","DOI":"10.1109\/EuroSP.2016.40"},{"key":"581_CR97","doi-asserted-by":"publisher","unstructured":"Aceto, G., Ciuonzo, D., Montieri, A., Pescap\u00e8, A.: Traffic classification of mobile apps through multi-classification. In: GLOBECOM 2017-2017 IEEE Global Communications Conference, pp. 1\u20136. https:\/\/doi.org\/10.1109\/GLOCOM.2017.8254059 (2017)","DOI":"10.1109\/GLOCOM.2017.8254059"},{"key":"581_CR98","doi-asserted-by":"crossref","unstructured":"Aceto, G., Ciuonzo, D., Montieri, A., Pescap\u00e8, A.: Mobile encrypted traffic classification using deep learning. In: 2018 Network Traffic Measurement and Analysis Conference (TMA), pp. 1\u20138 (2018)","DOI":"10.23919\/TMA.2018.8506558"},{"key":"581_CR99","doi-asserted-by":"publisher","unstructured":"Mongkolluksamee, S., Visoottiviseth, V., Fukuda, K.: Enhancing the performance of mobile traffic identification with communication patterns. In: 2015 IEEE 39th Annual Computer Software and Applications Conference, vol.\u00a02, 2015, pp. 336\u2013345. https:\/\/doi.org\/10.1109\/COMPSAC.2015.50","DOI":"10.1109\/COMPSAC.2015.50"},{"key":"581_CR100","doi-asserted-by":"publisher","unstructured":"Le, A., Varmarken, J., Langhoff, S., Shuba, A., Gjoka, M., Markopoulou, A.: Antmonitor: a system for monitoring from mobile devices. In: Proceedings of the 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data, C2B(1)D\u201915, ACM, New York, NY, USA, 2015, pp. 15\u201320. https:\/\/doi.org\/10.1145\/2787394.2787396","DOI":"10.1145\/2787394.2787396"},{"key":"581_CR101","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1109\/CNS.2015.7346855","volume":"2015","author":"Q Wang","year":"2015","unstructured":"Wang, Q., Yahyavi, A., Kemme, B., He, W.: I know what you did on your smartphone: inferring app usage over encrypted data traffic, In. IEEE Conference on Communications and Network Security (CNS) 2015, 433\u2013441 (2015). https:\/\/doi.org\/10.1109\/CNS.2015.7346855","journal-title":"IEEE Conference on Communications and Network Security (CNS)"},{"key":"581_CR102","unstructured":"Watkins, L., Corbett, C., Salazar, B., Fairbanks, K., Robinson, W.H.: Using network traffic to remotely identify the type of applications executing on mobile devices"},{"key":"581_CR103","doi-asserted-by":"crossref","unstructured":"Alan, H.F., Kaur, J.: Can android applications be identified using only tcp\/ip headers of their launch time traffic?. In: WISEC (2016)","DOI":"10.1145\/2939918.2939929"},{"issue":"8","key":"581_CR104","doi-asserted-by":"publisher","first-page":"1830","DOI":"10.1109\/TIFS.2017.2692682","volume":"12","author":"M Shen","year":"2017","unstructured":"Shen, M., Wei, M., Zhu, L., Wang, M.: Classification of encrypted traffic with second-order markov chains and application attribute bigrams. IEEE Trans. Inf. Forensics Secur. 12(8), 1830\u20131843 (2017). https:\/\/doi.org\/10.1109\/TIFS.2017.2692682","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"581_CR105","doi-asserted-by":"crossref","unstructured":"Rao, A., Sherry, J., Legout, A., Krishnamurthy, A., Dabbous, W., Choffnes, D.: Meddle: middleboxes for increased transparency and control of mobile traffic. In: Proceedings of the 2012 ACM conference on CoNEXT student workshop, ACM, pp. 65\u201366 (2012)","DOI":"10.1145\/2413247.2413286"},{"key":"581_CR106","unstructured":"Citrix, SSL interception. https:\/\/docs.citrix.com\/en-us\/netscaler-secure- web-gateway\/12\/ssl-interception.html. Accessed 1 Jan 2019"},{"key":"581_CR107","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1007\/978-3-642-01645-5_10","volume-title":"Traffic Monitoring and Analysis","author":"S Valenti","year":"2009","unstructured":"Valenti, S., Rossi, D., Meo, M., Mellia, M., Bermolen, P.: Accurate, fine-grained classification of p2p-tv applications by simply counting packets. In: Papadopouli, M., Owezarski, P., Pras, A. (eds.) Traffic Monitoring and Analysis, pp. 84\u201392. Springer, Berlin (2009)"},{"key":"581_CR108","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/2677046.2677048","volume":"44","author":"SE Coull","year":"2014","unstructured":"Coull, S.E., Dyer, K.P.: Traffic analysis of encrypted messaging services: apple imessage and beyond. Comput. Commun. Rev. 44, 5\u201311 (2014)","journal-title":"Comput. Commun. Rev."},{"issue":"11","key":"581_CR109","doi-asserted-by":"publisher","first-page":"2851","DOI":"10.1109\/TMC.2016.2516020","volume":"15","author":"Y Fu","year":"2016","unstructured":"Fu, Y., Xiong, H., Lu, X., Yang, J., Chen, C.: Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans. Mobile Comput. 15(11), 2851\u20132864 (2016). https:\/\/doi.org\/10.1109\/TMC.2016.2516020","journal-title":"IEEE Trans. Mobile Comput."},{"key":"581_CR110","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-662-54970-4_22","volume-title":"Financial Cryptography and Data Security","author":"E Vanrykel","year":"2017","unstructured":"Vanrykel, E., Acar, G., Herrmann, M., Diaz, C.: Leaky birds: Exploiting mobile application traffic for surveillance. In: Grossklags, J., Preneel, B. (eds.) Financial Cryptography and Data Security, pp. 367\u2013384. Springer, Berlin (2017)"},{"key":"581_CR111","doi-asserted-by":"publisher","unstructured":"St\u00f6ber, T., Frank, M., Schmitt, J., Martinovic, I.: Who do you sync you are? smartphone fingerprinting via application behaviour https:\/\/doi.org\/10.1145\/2462096.2462099","DOI":"10.1145\/2462096.2462099"},{"key":"581_CR112","doi-asserted-by":"publisher","unstructured":"Verde, N.V., Ateniese, G., Gabrielli, E., Mancini, L.V., Spognardi, A.: No nat\u2019d user left behind: Fingerprinting users behind nat from netflow records alone. In: 2014 IEEE 34th International Conference on Distributed Computing Systems, 2014, pp. 218\u2013227. https:\/\/doi.org\/10.1109\/ICDCS.2014.30","DOI":"10.1109\/ICDCS.2014.30"},{"key":"581_CR113","doi-asserted-by":"publisher","unstructured":"Malik, N., Chandramouli, J., Suresh, P., Fairbanks, K., Watkins, L., Robinson, W.H.: Using network traffic to verify mobile device forensic artifacts. In: 2017 14th IEEE Annual Consumer Communications Networking Conference (CCNC), 2017, pp. 114\u2013119. https:\/\/doi.org\/10.1109\/CCNC.2017.7983091","DOI":"10.1109\/CCNC.2017.7983091"},{"key":"581_CR114","doi-asserted-by":"publisher","unstructured":"Aksoy, A., Louis, S., Gunes, M.H.: Operating system fingerprinting via automated network traffic analysis. In: IEEE Congress on Evolutionary Computation (CEC), vol. 2017, pp. 2502\u20132509 (2017). https:\/\/doi.org\/10.1109\/CEC.2017.7969609","DOI":"10.1109\/CEC.2017.7969609"},{"key":"581_CR115","doi-asserted-by":"crossref","unstructured":"Chen, Y.-C., Liao, Y., Baldi, M., Lee, S.-J., Qiu, L.: Os fingerprinting and tethering detection in mobile networks. In: Internet Measurement Conference (2014)","DOI":"10.1145\/2663716.2663745"},{"key":"581_CR116","doi-asserted-by":"publisher","unstructured":"Zhou, X., Demetriou, S., He, D., Naveed, M., Pan, X., Wang, X., Gunter, C.A., Nahrstedt, K.: Identity, location, disease and more: Inferring your secrets from android public resources. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS\u201913, ACM, New York, NY, USA, 2013, pp. 1017\u20131028. https:\/\/doi.org\/10.1145\/2508859.2516661","DOI":"10.1145\/2508859.2516661"},{"key":"581_CR117","doi-asserted-by":"crossref","unstructured":"Liberatore, M., Levine, B.N.: Inferring the source of encrypted http connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 255\u2013263 (2006)","DOI":"10.1145\/1180405.1180437"},{"key":"581_CR118","doi-asserted-by":"crossref","unstructured":"Wright, C.V., Ballard, L., Coull, S.E., Monrose, F., Masson, G.M.: Spot me if you can Uncovering spoken phrases in encrypted voip conversations. In: IEEE Symposium on Security and Privacy (sp 2008). IEEE 2008, 35\u201349 (2008)","DOI":"10.1109\/SP.2008.21"},{"key":"581_CR119","unstructured":"Wang, T., Goldberg, I.: Walkie-talkie: an efficient defense against passive website fingerprinting attacks, in: 26th USENIX Security Symposium (USENIX Security 17), pp. 1375\u20131390 (2017)"},{"key":"581_CR120","doi-asserted-by":"crossref","unstructured":"Frolov, S., Wustrow, E.: The use of TLS in Censorship Circumvention. In: NDSS (2019)","DOI":"10.14722\/ndss.2019.23511"},{"key":"581_CR121","doi-asserted-by":"crossref","unstructured":"Bahuguna, A., Agrawal, A., Bhatia, A., Tiwari, K., Vishwakarma, D.: User profiling using smartphone network traffic analysis. In: 2021 International Conference on COMmunication Systems NETworkS (COMSNETS), pp. 69\u201373. IEEE (2021)","DOI":"10.1109\/COMSNETS51098.2021.9352901"},{"key":"581_CR122","unstructured":"\u201cForensic Methodology Report: How to catch NSO Group\u2019s Pegasus | Amnesty International.\u201d [Online]. Available: https:\/\/www.amnesty.org\/en\/latest\/research\/2021\/07\/forensic-methodology-report-how-to-catch-nso-groups-pegasus\/. Accessed 01 Aug 2021"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00581-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-022-00581-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00581-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,19]],"date-time":"2024-09-19T08:07:44Z","timestamp":1726733264000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-022-00581-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,2,25]]},"references-count":122,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,8]]}},"alternative-id":["581"],"URL":"https:\/\/doi.org\/10.1007\/s10207-022-00581-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,2,25]]},"assertion":[{"value":"25 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"Not applicable.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to participate"}},{"value":"Not applicable.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}}]}}