170444 20260420103355.0 doi 10.1016/j.knosys.2026.115893 sideral 148928 ART-2026-148928 eng Mehavilla, Lorena Universidad de Zaragoza Unveiling user activities on instant messaging platforms: A study of activity fingerprinting through traffic analysis and machine learning techniques 2026 Encrypted instant messaging (IM) traffic conceals message content but still exposes communication patterns that can reveal user behaviour. This paper presents a unified framework for inferring user activities across multiple IM platforms by analysing encrypted traffic using machine learning techniques. The proposed approach integrates empirical traffic characterisation, transaction-centric segmentation, and lightweight classifiers to detect user actions, such as sending or receiving text and multimedia messages, in real time. Using Zeek as the core analysis engine, the framework performs packet inspection, transaction segmentation, connection classification, and feature extraction. The framework was evaluated on traffic from nine major IM platforms (Discord, Facebook Messenger, Instagram, Snapchat, Microsoft Teams, Telegram, WeChat, WhatsApp, and X), achieving F1 scores ranging from 0.62 for X up to 0.98 for WhatsApp. Unlike prior studies limited to single applications or synthetic datasets, our work employs realistic, user-driven traffic and explicitly distinguishes message type and direction, improving comparison and cross-platform generalization. Beyond methodological advancements, this study exposes privacy risks inherent in encrypted communication and outlines ethical safeguards and countermeasures to mitigate activity fingerprinting. The findings demonstrate that accurate, real-time inference of encrypted messaging activities is feasible under responsible, consent-based conditions, offering valuable insights for network forensics and privacy-aware communication design. Access copy available to the general public Unrestricted info:eu-repo/grantAgreement/ES/DGA/T31-20R info:eu-repo/grantAgreement/ES/MICIU/PID2022-136476OB-I00 info:eu-repo/semantics/openAccess by https://creativecommons.org/licenses/by/4.0/deed.es info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion García, José Universidad de Zaragoza (orcid)0000-0001-9485-7678 Alesanco, Álvaro Universidad de Zaragoza (orcid)0000-0002-5254-1402 5008 560 Universidad de Zaragoza Dpto. Ingeniería Electrón.Com. Área Ingeniería Telemática 342 (2026), 115893 [17 pp.] Knowl.-based syst. KNOWLEDGE-BASED SYSTEMS 0950-7051 2281478 http://zaguan.unizar.es/record/170444/files/texto_completo.pdf Versión publicada 2792366 http://zaguan.unizar.es/record/170444/files/texto_completo.jpg?subformat=icon icon Versión publicada oai:zaguan.unizar.es:170444 articulos driver 2026-04-18-10:49:41 ARTICLE