 |
 |
|
|
|
The smartphone applications have taken place of the web browser and became the user’s primary internet entrance. One application’s popularity can be measured by its downloading times, and it is valuable for commercial advertising. Identifying app installation packages from network traffic is one of the most feasible approaches to collect these data. But asymmetric routing, incomplete capture and so on make it challenging to determine app’s name at large scale in network traffic. With these constraints, we proposed AppTwins, an efficient, robust and automatical  approach which has the ability to determine corrupted package’s name. The identification consists of three distinct steps. Step 1, identify app packages with a stream fuzzy hash fingerprint database in live network traffic. Step 2, the unprecedented ones were captured and decompiled to acquire new app’s name, a fingerprint was also calculated. Step3, update the database with new app’s name and fingerprint. AppTwins achieves up a recall rate of 97.63% and a precision rate of 96.44% when app packages are almost complete. Furthermore, It can also identify incomplete app packages in the real traffic where there are no name or URL.The smartphone applications have taken place of the web browser and became the user’s primary internet entrance. One application’s popularity can be measured by its downloading times, and it is valuable for commercial advertising. Identifying app installation packages from network traffic is one of the most feasible approaches to collect these data. But asymmetric routing, incomplete capture and so on make it challenging to determine app’s name at large scale in network traffic. With these constraints, we proposed AppTwins, an efficient, robust and automatical  approach which has the ability to determine corrupted package’s name. The identification consists of three distinct steps. Step 1, identify app packages with a stream fuzzy hash fingerprint database in live network traffic. Step 2, the unprecedented ones were captured and decompiled to acquire new app’s name, a fingerprint was also calculated. Step3, update the database with new app’s name and fingerprint. AppTwins achieves up a recall rate of 97.63% and a precision rate of 96.44% when app packages are almost complete. Furthermore, It can also identify incomplete app packages in the real traffic where there are no name or URL.
|