DNS query forgery: a client-side defense against mobile app traffic profiling
Mobile applications generate DNS queries that expose user behavioral patterns to network observers, creating privacy vulnerabilities even when communications are encrypted. Network eavesdroppers and DNS resolvers can analyze domain name sequences to profile users based on their app usage patterns. T...
| Autores: | , , , , |
|---|---|
| Tipo de recurso: | artículo |
| Fecha de publicación: | 2025 |
| País: | España |
| Institución: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/450171 |
| Acceso en línea: | https://hdl.handle.net/2117/450171 https://dx.doi.org/10.1109/ACCESS.2025.3633695 |
| Access Level: | acceso abierto |
| Palabra clave: | DNS traffic Data perturbation techniques Privacy-enhancing technologies Query forgery User privacy User profiling Àrees temàtiques de la UPC::Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors |
| Sumario: | Mobile applications generate DNS queries that expose user behavioral patterns to network observers, creating privacy vulnerabilities even when communications are encrypted. Network eavesdroppers and DNS resolvers can analyze domain name sequences to profile users based on their app usage patterns. This paper proposes a client-side defense mechanism based on DNS query forgery to obfuscate user DNS-based profiles. Our method applies a query forgery technique that consists of injecting false DNS queries into genuine traffic streams. We mathematically model user profiles as probability distributions over interest categories and analyze the optimal proportion of false queries needed to achieve desired privacy levels. We evaluate three query forgery strategies: Uniform, TrackMeNot-based, and Optimized, finding that the Optimized strategy using KL divergence is the most effective. To validate our approach, we develop a novel methodology for generating synthetic user traces, creating a dataset of 1,000 users by mapping real app traffic data onto individual user profiles. Our analysis reveals that 50% privacy improvement is achievable with less than 20% traffic overhead, while 100% privacy protection requires approximately 40-60% additional traffic. We further propose a modular system architecture for practical implementation on mobile devices. This work offers a client-side privacy solution that operates without third-party trust requirements, empowering users to defend against traffic analysis without compromising application functionality. |
|---|