Generating and Analyzing Encrypted Traffic of Instant Messaging Applications: A Comprehensive Framework
Date
2023-04-28
Authors
Erdenebaatar, Zolboo
Abstract
Instant Messaging Applications (IMAs) are the primary communication tools for smartphone users. However, analyzing encrypted network traffic from IMAs poses challenges due to end-to-end encryption, user privacy, and dynamic port usage. Limited research exists on encrypted network traffic analysis of IMAs on mobile devices. This thesis proposes a comprehensive framework for generating and analyzing encrypted IMA traffic on mobile devices. The framework utilizes open-source tools to emulate user behavior and capture, filter and label resulting traffic on Android devices. It employs a data-driven approach using machine learning classification models to automatically extract features from network traffic and distinguish between different IMAs. Evaluation results show that it is possible to accurately identify different IMAs with high F1 scores. The thesis also evaluates the behavior of six popular IMAs and provides insights that could assist network operators and security experts to monitor and analyze network traffic effectively.
Keywords
network security, traffic analysis