FlowPrint released: a toolkit for identifying applications from encrypted traffic

The code for the FlowPrint toolkit has been published. FlowPrint identifies mobile applications on a network by analyzing the encrypted traffic they generate while running. It can recognize typical programs for which statistics have already been accumulated, and it can also detect the activity of new applications. The code is written in Python and distributed under the MIT license.

The program implements a statistical method that determines the data-exchange characteristics typical of different applications (delays between packets, data flow characteristics, changes in packet size, TLS session characteristics, etc.). For Android and iOS mobile apps, recognition accuracy is 89.2%. Within the first five minutes of data exchange analysis, 72.3% of applications can be identified. The accuracy of identifying new applications that have not been seen before is 93.5%.
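To make the kind of features named above concrete, here is an added example (not FlowPrint's code or its algorithm) that computes packet-gap and packet-size statistics per flow from metadata only and compares them with known profiles, reporting an unmatched flow as unknown. The packet records, the profile names and values, the distance measure and the threshold are all constructed assumptions; TLS session features are left out.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed capture metadata: (timestamp_s, src, dst, dst_port, record_size).
# Only headers and timing are used; payloads stay encrypted.
PACKETS = [
    (0.0, "10.0.0.5", "203.0.113.10", 443, 100),
    (1.0, "10.0.0.5", "203.0.113.10", 443, 120),
    (2.0, "10.0.0.5", "203.0.113.10", 443, 100),
    (3.0, "10.0.0.5", "203.0.113.10", 443, 120),
    (0.0, "10.0.0.5", "198.51.100.7", 443, 1400),
    (0.25, "10.0.0.5", "198.51.100.7", 443, 1400),
    (0.5, "10.0.0.5", "198.51.100.7", 443, 1400),
    (0.75, "10.0.0.5", "198.51.100.7", 443, 1400),
    (0.0, "10.0.0.5", "192.0.2.44", 443, 600),
    (5.0, "10.0.0.5", "192.0.2.44", 443, 600),
    (10.0, "10.0.0.5", "192.0.2.44", 443, 600),
]

# Hypothetical per-application profiles:
# (mean gap, gap stdev, mean size, size stdev)
PROFILES = {
    "chat_app": (1.1, 0.0, 105.0, 10.0),
    "video_app": (0.25, 0.0, 1380.0, 0.0),
}

def flow_features(packets):
    """Group packets into flows and compute timing and size statistics."""
    flows = defaultdict(list)
    for ts, src, dst, port, size in packets:
        flows[(src, dst, port)].append((ts, size))
    features = {}
    for key, pkts in flows.items():
        pkts.sort()
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])] or [0.0]
        sizes = [size for _, size in pkts]
        features[key] = (mean(gaps), pstdev(gaps), mean(sizes), pstdev(sizes))
    return features

def distance(vec, ref):
    """Mean relative difference per feature, in the range 0..1."""
    return mean(abs(v - r) / max(abs(v), abs(r), 1e-9) for v, r in zip(vec, ref))

def classify(vec, profiles=PROFILES, threshold=0.2):
    """Return the closest profile, or 'unknown' for a previously unseen pattern."""
    name, ref = min(profiles.items(), key=lambda item: distance(vec, item[1]))
    return name if distance(vec, ref) <= threshold else "unknown"

if __name__ == "__main__":
    for flow, vec in flow_features(PACKETS).items():
        print(flow, classify(vec))
```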

Source: opennet.ru
