000170444 001__ 170444
000170444 005__ 20260420103355.0
000170444 0247_ $$2doi$$a10.1016/j.knosys.2026.115893
000170444 0248_ $$2sideral$$a148928
000170444 037__ $$aART-2026-148928
000170444 041__ $$aeng
000170444 100__ $$aMehavilla, Lorena$$uUniversidad de Zaragoza
000170444 245__ $$aUnveiling user activities on instant messaging platforms: A study of activity fingerprinting through traffic analysis and machine learning techniques
000170444 260__ $$c2026
000170444 5060_ $$aAccess copy available to the general public$$fUnrestricted
000170444 5203_ $$aEncrypted instant messaging (IM) traffic conceals message content but still exposes communication patterns that can reveal user behaviour. This paper presents a unified framework for inferring user activities across multiple IM platforms by analysing encrypted traffic using machine learning techniques. The proposed approach integrates empirical traffic characterisation, transaction-centric segmentation, and lightweight classifiers to detect user actions, such as sending or receiving text and multimedia messages, in real time. Using Zeek as the core analysis engine, the framework performs packet inspection, transaction segmentation, connection classification, and feature extraction. The framework was evaluated on traffic from nine major IM platforms (Discord, Facebook Messenger, Instagram, Snapchat, Microsoft Teams, Telegram, WeChat, WhatsApp, and X), achieving F1 scores ranging from 0.62 for X up to 0.98 for WhatsApp. Unlike prior studies limited to single applications or synthetic datasets, our work employs realistic, user-driven traffic and explicitly distinguishes message type and direction, improving comparison and cross-platform generalization. Beyond methodological advancements, this study exposes privacy risks inherent in encrypted communication and outlines ethical safeguards and countermeasures to mitigate activity fingerprinting. The findings demonstrate that accurate, real-time inference of encrypted messaging activities is feasible under responsible, consent-based conditions, offering valuable insights for network forensics and privacy-aware communication design.
000170444 536__ $$9info:eu-repo/grantAgreement/ES/DGA/T31-20R$$9info:eu-repo/grantAgreement/ES/MICIU/PID2022-136476OB-I00
000170444 540__ $$9info:eu-repo/semantics/openAccess$$aby$$uhttps://creativecommons.org/licenses/by/4.0/deed.es
000170444 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion
000170444 700__ $$0(orcid)0000-0001-9485-7678$$aGarcía, José$$uUniversidad de Zaragoza
000170444 700__ $$0(orcid)0000-0002-5254-1402$$aAlesanco, Álvaro$$uUniversidad de Zaragoza
000170444 7102_ $$15008$$2560$$aUniversidad de Zaragoza$$bDpto. Ingeniería Electrón.Com.$$cÁrea Ingeniería Telemática
000170444 773__ $$g342 (2026), 115893 [17 pp.]$$pKnowl.-based syst.$$tKNOWLEDGE-BASED SYSTEMS$$x0950-7051
000170444 8564_ $$s2281478$$uhttps://zaguan.unizar.es/record/170444/files/texto_completo.pdf$$yVersión publicada
000170444 8564_ $$s2792366$$uhttps://zaguan.unizar.es/record/170444/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada
000170444 909CO $$ooai:zaguan.unizar.es:170444$$particulos$$pdriver
000170444 951__ $$a2026-04-18-10:49:41
000170444 980__ $$aARTICLE