Eavesdropping Mobile Apps and Actions through Wireless Traffic in the Open World

While smartphones and WiFi networks are bringing many positive changes to people's lives, they are susceptible to traffic analysis attacks, which infer user's private information from encrypted traffic. Existing traffic analysis attacks mainly target TCP/IP layers or are limited to the closed-world assumption, where all possible apps and actions have been involved in the model training. To overcome these limitations, we propose MACPrint, a novel system that infers mobile apps and in-app actions based on WiFi MAC layer traffic in the open-world setting. MACPrint first extracts rich statistical and contextual features of encrypted wireless traffic. Then, we develop Label Recorder, an automatic traffic labeling app, to improve labeling accuracy in the training phase. Finally, TCN models with OpenMax functions are used to recognize mobile apps and actions in the open world accurately. To evaluate our system, we collect MAC layer traffic data over 125 hours from more than 40 apps. The experimental results show that MAC-Print can achieve an accuracy of over 96% for recognizing apps and actions in the closed-world setting, and obtains an accuracy of over 86% in the open-world setting.