Abstract

Recent academic studies have demonstrated the possibility of inferring user actions performed in mobile apps by analyzing the resulting encrypted network traffic. Due to the multitude of app versions, mobile operating systems, and device models (collectively referred to in this paper as configurations) previous approaches are not applicable to real life settings. In this work, we ex-tend the ability of these approaches to generalize across different configurations. We treat the different configurations as a case for transfer learning, and adapt the co-training method to sup-port the transfer learning process. Our approach leverages a small number of labeled instances of encrypted traffic from a source configuration, in order to construct a classifier capable of identi-fying a users actions in a different (target) configuration which is completely unlabeled. Experi-ments on real datasets collected from different applications on Android devices show that the proposed method achieves F1 measures over 0.8 for most of the considered user actions.