Toward Automatic Mobile Application Fingerprint Extraction from Non-encrypted HTTP Traffic

The ever-increasing number of mobile applications and polymorphic variants create a pressing need for automatic approaches to infer distinguishable fingerprints for dissecting the collected network traces into the corresponding categories. In this paper, we present LightPrint, a lightweight method that given a large pool of HTTP network traffic, generates app fingerprints. LightPrint produces these fingerprints by constructing a series of domains, and every domain is a set of weighted keywords, to characterize HTTP request/response pairs. We have implemented LightPrint and evaluated it on a recently collected traffic dataset with ground truth. Our experimental results show that the proposed approach performs mobile app identification task with high precision (over 96 %) and recall (over 93 %).