Transfer learning for user action identication in mobile apps via encrypted traffic analysis

Edita Grolman, Andrey Finkelshtein, Rami Puzis, Asaf Shabtai, Ziv Katzir, Liron Rosenfeld

Research output: Contribution to journalArticlepeer-review


Recent academic studies have demonstrated the possibility of inferring user actions performed in mobile apps by analyzing the resulting encrypted network traffic. Due to the multitude of app versions, mobile operating systems, and device models (collectively referred to in this paper as configurations) previous approaches are not applicable to real life settings. In this work, we ex-tend the ability of these approaches to generalize across different configurations. We treat the different configurations as a case for transfer learning, and adapt the co-training method to sup-port the transfer learning process. Our approach leverages a small number of labeled instances of encrypted traffic from a source configuration, in order to construct a classifier capable of identi-fying a users actions in a different (target) configuration which is completely unlabeled. Experi-ments on real datasets collected from different applications on Android devices show that the proposed method achieves F1 measures over 0.8 for most of the considered user actions.

Original languageAmerican English
Pages (from-to)40-53
Number of pages14
JournalIEEE Intelligent Systems
Issue number2
StatePublished - 1 Mar 2018


  • co-training
  • encrypted network traffic
  • social applications
  • transfer learning

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Artificial Intelligence


Dive into the research topics of 'Transfer learning for user action identication in mobile apps via encrypted traffic analysis'. Together they form a unique fingerprint.

Cite this