A Fully Automated Deep Packet Inspection
Verification System with Machine Learning
Uday Trivedi
Samsung R&D Institute, Bangalore (SRIB)
Bangalore, India
[email protected]
[email protected]
Abstract— Deep Packet Inspection (DPI) technique has
become very important for traffic detection and resource
management in core networks. Applications frequently update
their version to add new features and/or to bypass firewall/DPI
systems. Thus, an accurate DPI system needs to periodically
verify existing signatures and update them if required. The
manual task of application traffic generation and verification on
multiple platforms is very tedious and error-prone. We propose a
fully automated DPI verification system with machine learning
techniques for periodic DPI signature verification and update.
Automated mobile application traffic generation is achieved by
open source tools like GUITAR and Appium. Signature
verification and undetected application flow search is achieved by
AutoIT scripts. New signature patterns from undetected flows
are suggested by Auto Signature module, completing full
signature verification and update cycle. Initial test results show
that our solution saves lot of man hours and detects signature
update in shortest possible time.
Keywords-component; DPI, Deep Packet Inspection, GUI
Automation Testing, Automated Signature Generation
I. INTRODUCTION
The advent of 4G LTE is changing the landscape of data
usage. LTE offers the promise of a pure, all-IP converged core
network with high data rate. With “all-IP” networks, lot of
traffic and resource management issues like managing P2P
application traffic load, providing high QoS for priority flows
etc. can crop up. Network operators need to prioritize their
resources and adjust resource allocation schedule based on
network congestion and application traffic. Thus, they must
find effective ways to identify application traffic and apply
different policies based on various parameters like network
status, application traffic, subscriber profile, time of day etc.
Deep packet inspection (DPI) is a network packet
inspection system which examines packet payloads to identify
traffic flows. DPI system uses application specific unique
signatures to identify application traffic. The working DPI
solution must identify applications in real time. Thus, the DPI
solution must to be fast, accurate and easy to upgrade.
A. Need For Automation
The mobile application development world is a dynamic
world. Developers frequently update their applications with
encryption, obfuscation, anomalous use of well-known ports
etc. Every new version makes them more stealthy and difficult
Munal Patel
Samsung R&D Institute, Bangalore (SRIB)
Bangalore, India
to detect. Therefore, it is essential to frequently analyze and
update identification mechanism to detect flows of newer
versions of applications.
However, signature identification process is very rigorous
process [1]. For newer application versions, same procedure
must be repeated to detect and verify new signatures. Such a
painstaking manual approach will not scale if it has to be
applied individually to the growing range and number of
diverse applications [2]. With growing number of mobile apps
coming with local versions and their agile development life
cycle, automation testing is the only way to go. This paper
proposes a method which automates the entire process of
application traffic generation and signature verification.
B. Related Work
Automation testing is widely used to perform effective and
fast testing of software products that have a long maintenance
life. Many proprietary and paid test automation tools provide
record and playback features that allow testers to interactively
record user actions and replay them back while testing,
comparing actual results to those expected. This method
requires little or no test script development. However, this
method may pose major reliability and maintainability
problems. Relabeling a button or changing location of window
may require the test to be re-recorded. For testing of web sites,
Headless browsers or solutions based on Selenium Web Driver
are normally used.
Researchers [3] state that to cope with frequent upgrades
of mobile devices and technologies, an elastic infrastructure to
support large-scale test automation is needed. Research work
[4] on integrated test automation frameworks has proposed
research tools at the system level that support mobile testing
on multiple heterogeneous platforms.
Mobile application test automation domain has seen lot of
research. However, all of the solutions are mainly focused on
finding GUI or application specific development issues. As
per our knowledge, this is the first time an attempt is made to
automate entire DPI signature verification process using
mobile app automation.
Automatic signature generation has been a thoroughly
researched domain. Want et al [5] used k-common substrings
and multiple sequence alignment algorithm to generate regular
expressions with good accuracy. Researchers Wang et al., [6]
have proposed to use supervised machine learning models
automatically learned from the data sets as application requires rooting of device
signatures. We have attempted very simple signature We had following criteria for selecting automation tool:
suggestion algorithm which provides signature suggestion for  Automation support for Android/iOS/Both
HTTP, HTTPS, TCP and UDP flows.  Open source/proprietary/paid tool
II. DPI TEST AUTOMATION  Coordinate /image/Object based automation
We analyzed multiple tools for their strength and
Since DPI system can have hundreds of application limitations. Table 1 lists popular automation tools with these
signatures to be tested, we devised a way to fast-track the test details. We selected Appium and GUITAR for Android and
of those applications which have updated versions from iOS automation respectively.
previous test.
1) Automated App Traffic Generation on Android
We have written a python script which reads application
page on google play store and iOS app store and saves app Appium is an open source test automation tool for mobile
version information. In next run, if it finds change in app applications. It allows users to test all the three types of mobile
version, automated test is run immediately for that application applications: native, hybrid and mobile web. It also allows
for possible signature update. running the automated tests on actual devices, emulators and
simulators. Appium doesn’t modify app or need to even
We target following manual tasks to be automated: recompile the app on Android platform.
 Generating mobile application traffic for Android and
iOS platforms. Appium works on elements present on screen which can be
accessed with APIs provided by respective OS. Once an
 Generating application website traffic on mobile
element is selected, we can perform various gestures on it.
browser.
Appium works as a server between test case script and
 Verifying existing signatures and finding undetected
application running on mobile device. Initially test case should
application flows.
set capabilities of application so that server can launch
 Suggesting new signatures from undetected flows and
application in specific context. Appium explores capabilities
verifying those signatures with application traffic.
of Android to access view hierarchy represented with DOM
Our contribution in this paper is to automate the task of (Document Object Model). So while designing test cases, IDs
generating application traffic using open source tools, devising from DOM can be used and operations can be performed on it.
algorithms for verifying existing DPI signatures using Appium supports all major operation on touch screen like
machine learning techniques and suggesting new signatures touch, swipe, zoom, long press, etc.
from undetected flows. Following sub-sections discuss each of
Appium has few limitations as well. Appium does not do
these tasks in detail.
image comparison on mobile application GUI for performing
A. Automated Application Traffic Generation gestures. Appium requires developer image for iOS app
Test automation on mobile device poses many challenges. automation. Since DPI task involves working on 3rd party
Platforms: Android, iOS, Windows mobile, Tizen etc. No apps, we used GUITAR for iOS test automation.
single tool supports all platforms. 2) Automated App Traffic Generation on iOS
Screen size and resolution (Depth per Inch): Each mobile GUITAR is a GUI driven mobile test automation
device comes with different screen size and resolution. The framework. It performs test cases based on Image search.
automation script should be able to work with all of them. GUITAR framework searches images on attached mirrored
Table 1: Comparison between mobile automation tools mobile device window and performs gestures on it. GUITAR
Tool Strengths Limitations scripts are written with associated images. GUITAR provides
Monkey Coordinate based Supports only Android. image clipping tool to cut images while developing scripts.
Runner automation. Easy to Requires difference scripts As GUITAR works on application window on screen, we
setup. for different devices which need to mirror iOS mobile device to test system with control
can break with slight capabilities. iOS does not provide any means to control device
change in UI.
connected to a system. So we need to root iOS device and then
UI Integrated with Android Supports only Android.
Automator development IDE. Object Doesn’t provide support use desktop sharing tools like VNC to control device. As VNC
based automation for web-view, long press. with mobile data or WiFi creates significant delay in rendering
Monkey Open source, eclipse Limited features in free images, communication of VNC data is done through USB.
Talk based IDE. Supports iOS version. GUITAR supports multiple mobile devices at the same time so
& Android apps. that we can run VoIP apps on both devices for VoIP call/chat.
Appium Element based iOS Apps requires Many Signup and transactional flows require users to
[7] Navigation, Large Open source/debug binaries, No
recognize and enter captcha text to make sure that humans and
source community image based navigation
GUITAR Open Source, Supports Small open source
not automation scripts are operating. Out system is designed to
[8] iOS & Android apps, community, No Element use Tesseract library to fill captcha details by converting
Image based navigation based navigation, iOS image to text (OCR) and then using that text. Further, there are
some application flows where image to text is required while
checking results. For chat apps, when a message is sent to
other device, we can check if other device received same
message using image to text conversion.
B. Generating Application WebTraffic on Mobile Browser
Many services do not have any mobile applications and
require browsers to operate. For many services, users may
prefer browser based interface rather than mobile app as they
don’t want to download/install multiple applications.
Considering these facts, it is necessary to include verification
for mobile browser based traffic as well. As browser based
web interface tend to change a lot, conventional image or
element based navigation may not provide complete coverage.
To solve this problem, we came up with an approach where
we utilize features of chrome browser along with some third
party extensions and python script to access all links from
webpage till nth level depth. This way we can generate traffic
with different scenarios.
AutoIt [9] is a scripting language designed for automating
the Windows GUI and general scripting. It uses a combination
of simulated keystrokes, mouse movement and window/
control manipulation. The AutoIT script sets chrome browser
to emulate particular mobile device browser. After that, the
script opens base URL on browser. The browser opens base
URL web page. After the page is loaded, a JavaScript fetches
all other sub-URLs from that page. The script hits few random
URLs from sub-URL list. There is a configuration option to
ignore certain URLs based on keywords. This process runs till
nth level of URL depth or for certain period of time.
C. Automated Application Signature Verification
Signature verification task is very complex task due to the
fact that an application/web page can have number of
“application unrelated” links to 3rd party ad/stats sites. Also,
application can have 3rd party CDN links from which it may
fetch audio/video/ images related to its service. The
verification system must classify application specific relevant
flows and check detection result for only those flows. If that
task is not done properly, the verification system can check
detection result for non-relevant flows and generate many
false “false positive“ alarms. For ex, many sites have option of
sharing video to Facebook, Twitter etc. Many sites use scripts
from 3rd party apps for running site smoothly. Such flows are
irrelevant flows while testing an application signature.
We solve this problem by keeping “exclude list” and
“include list”. The script parses signature database and copies
unique application specific patterns into “include list”.
“Exclude list” has patterns from unrelated 3rd party
CDN/generic/Adv./stats sites.
Before running GUI test case, verification script starts
capturing PCAP file using tshark. Tshark is command line
extension of Wireshark network protocol analyzer. GUI script
opens test application on mobile and generates application
traffic by performing gestures on various features. After GUI
run, the script extracts relevant flows from saved PCAP file
using “include” and “exclude” lists. Based on pattern
matching from these lists, HTTP, SSL, TCP and UDP flows
are categorized as relevant or irrelevant flow. Flows with SSL
renegotiation do not have any signature pattern in payload.
This case is handled by retrieving SSL session id from all
relevant SSL flows and marking SSL flows having same
session id as relevant flow. For UDP flows, port number in
“include” and “exclude” list is used to mark relevant flows.
All remaining TCP flows are checked for flow size and
marked as relevant flow if it is above threshold size.
The script then generates list of relevant flows. The
verification system uses a utility which reads detection
database and provides DPI detection result. The verification
system gives list of false negative cases if relevant application
flow is marked as HTTP/HTTPS/Undetected and not with the
tested application id A. Similarly, verification system gives list
of false positive cases if relevant application flow is marked as
any another application id B, instead of tested application id
A. Relevant flows which are not detected properly are
forwarded to automated signature generation module. Auto
signature suggestion module gives unique application pattern
suggestion for HTTP, HTTPS, TCP and UDP flows. For
HTTP and HTTPS flows, it checks standard headers like
“Host”, “Referer”, “Client Hello server name” etc. For TCP
and UDP flows, it finds unique byte pattern(s) by comparing
multiple similar flows.
Following fig. 1 shows complete architecture of DPI
automated verification system. CLI is used to run some
configuration command for DPI module and to get detection
result in terms of detection count for each application.
Each flow from the PCAP files is classified into four
categories: HTTP, SSL, TCP (other than HTTP and SSL) and
UDP. Each flow from these categories is processed separately
to identify relevant flows.
1. HTTP: HTTP flows can have unique signatures in HTTP
“Host”, “Referer”, “User-Agent” header and/or inside URI
string. The script checks “include list” and marks all flows
with matching pattern from “include list” in HTTP request
packet as relevant flows. The script checks “exclude list” as
well and marks all flows with matching pattern from “exclude
list” as non-relevant flows. From relevant flows, each server
IP is selected and all HTTP flows having that server IP are
also considered as relevant flows.

Figure 1: DPI Automated Verification System Architecture
2. SSL: SSL flows can have unique signature in “Client Hello”
and “Server Hello” Packets. The patterns in include and
exclude list are used to mark flows as relevant and non-
relevant flows like HTTP. SSL renegotiation case is handled
by retrieving session id from all relevant flows and marking
flows having same session id as relevant flow.
3. UDP: For UDP flows, port number is used in “include list”
and “exclude list”. By default, port number <=1024 are
excluded from relevant flows as they are used for standard
protocol related flows. If any port <= 1024 is required for
particular application, it can be added in “include list”. UDP
flows above minimum size are considered as relevant flows.
4. TCP (Other than SSL and UDP): All remaining TCP flows
are checked for flow size and marked as relevant flow if it is
above threshold size.
1) Machine Learning:
Proposed verification system uses machine learning
algorithms to learn more about possible weak signatures, false
positive/negative match occurrence etc. Following machine
learning techniques are employed:
a) Building non-relevant pattern database:
How does verification system know that a particular
undetected flow is relevant flow or advertisement/ statistics/
Content Delivery Network (CDN) related flow? To correctly
classify relevant and non-relevant flows, a robust non-relevant
pattern database is required. However, one can not build such
database manually as there are millions of such links and
applications keep on adding new statistical/advertisement/
CDN links in newer versions.
With machine learning technique, we build non-relevant
pattern database from scratch by finding non-relevant
application traffic getting detected in multiple application
traffic. The system keeps track relative frequency of patterns
from HTTP/HTTPS packets and keeps updating it to conclude
about a given undetected flow. Below table 2 shows sample
database for non-relevant flows.
Table 2: Non-relevant pattern database
Pattern Flows Apps detected Prob. of non-
detected relevant
doubleclick.com 30 3 (id x,y,z) 1
stats.com 6 1 0.066
We compute probability of a pattern being part of non-
relevant flow by following equation:
(1)
Where FlowsDetected is total flows detected with given
pattern, AppsDetected is total apps detected with given
pattern, FlowThreshold is flow threshold for marking the
pattern as non-relevant pattern (around 30) and AppThreshold
is total matching application threshold for marking the pattern
as non-relevant pattern (around 3).
As noted, unique pattern(s) related to an application can
be found from certain headers of HTTP/HTTPS packets. A
non-relevant HTTP/HTTPS flow from application X will be
marked as either HTTP or HTTPS if detection for application
X is not supported by system. This is obvious as system does
not have signature to detect flows of app X. If app X detection
is supported, that non-relevant flow will be marked as
application X. In both cases, verification system parses
HTTP/HTTPS packet of such non-relevant flows and retrieves
patterns from standard headers and adds it in non-relevant
flow table. If that same pattern is repeated in multiple
application traffic, the system concludes that it is generic flow
and marks it as non-relevant flow.
Initially, only few manual entries are added in non-
relevant flow table. With more tests, this table is updated with
more patterns. Once flow and app count reaches given
threshold, given pattern is marked as non-relevant pattern and
then onwards, flows having this pattern are marked as non-
relevant flows. It should be noted that Google, Facebook,
Twitter traffic is also found in majority of application traffic.
However, they are already added in “exclude list” and thus,
such traffic is not processed in this module.
For ex. “doubleclick.com” pattern getting detected in
multiple apps suggests that this pattern is part of a generic
flow and should be part of “exclude list”. With each
application test run, non-relevant pattern database grows and
subsequent flow classification accuracy goes up.
b) Generating signature rule priority change suggestion
for multiple rule matching scenario
For a given packet, there could be multiple patterns from
different rules matching at different offsets. DPI system has to
select one rule as matching rule among multiple matches. To
select one rule among many, each rule is assigned one priority
value which represents the confidence of that rule.
For ex. Rule A has pattern “abc.com”. Rule B has pattern
“xyz.com”. Both rules have same priority value. “Include list”
for testing app A has pattern “abc.com”.
HTTP packet payload from app A is:
GET \version HTTP 1.0\r\n
Host: abc.com\r\n
Referer: xyz.com\r\n\r\n
In above example, patterns from both rules A and B will
match at different offset. Since both rules have same priority,
DPI system may select rule A or B as final matching rule.
Suppose rule B is selected as final rule. Here, even though rule
A’s pattern matches with pattern in “include list”, rule B was
wrongly selected as matching rule. Our algorithm will detect
and correct such cases.
If the flow of application A is identified as application B,
and pattern of app A is found in “include list”, then the
algorithm suggests that we need to change rule priority in our
signature database such that when both patterns from rule of
app A and B are matched, priority should be given to
application A. One such example of multiple rule matching
involves 3rd party CDN, statistics and advertisement related
sites. Such sites are generic and found in flows of multiple
applications. Similarly, many apps have links to share post on
Facebook, Twitter etc. Such flows have HTTP Referer as
testing application domain name (Ex. “xyz.com”) and HTTP
Host as “facebook.com”. Patterns for such generic
applications should have lower priority than actual application
related patterns.
c) Finding almost matching patterns
For certain application patterns, only 1 or 2 bytes might
have changed in newer app version. Our algorithm finds such
occurrences by finding almost matching pattern with longest
subsequence matching algorithm. For ex., we have initial
signature pattern: ”ABCDE” at offset X. During n th test, the
system notices that pattern at offset X is “AFCDE” with
change at X+1 offset (‘F’ instead of ‘B’). The system marks
this offset as vulnerable offset and suggests regular expression
“A[BF]CDE” as signature.
During subsequent tests, if the flow is not detected, system
checks bytes at vulnerable offset and finds longest matching
subsequence as new signature pattern “A*CDE”. It recognizes
that last time there was a change in this pattern/parameter so
there could be a further change at the same place.
D. Automated Signature suggestion and Reverification
Once AutoIT scripts find out relevant flows which are not
detected by DPI system, such flow information is forwarded to
next phase where automated signature generation module is
running. This module examines payload of such flows and
suggests unique byte pattern as possible signatures.
Auto signature suggestion module has following sub modules
for various flow classes.
1. HTTP: The script gets ”Host”, “Referer” and “User-
Agent” header values and removes patterns which are part
of “exclude list”. Remaining patterns are shown as
possible signature patterns for given flows.
2. SSL/HTTPS: The script gets server name from SSL
“Client Hello” packet and suggests that pattern as
potential signature. If “Client Hello” packet has no server
name and session id or session ticket value is non-zero, it
is SSL renegotiation case. In SSL renegotiation case, SSL
flow does not have SSL negotiation parameters like server
name etc. as those parameters were exchanged in some
linked flow earlier. The script finds the linked flow using
session id/session ticket value, retrieves server name from
that flow and suggests server name as potential signature.
3. TCP/UDP: For TCP/UDP flows on non-standard port,
system needs to check multiple similar flows to find
common bytes. For that, flow categorization is done as
first phase and then common patterns are found for each
flow category. The system also gives useful information
like multiple UDP flows having same port, multiple
TCP/UDP flows having same destination IP and port etc.
With multiple UDP flows with same local port, if initial
flow is detected correctly, all subsequent flows can easily
be detected by using simple 2-tuple (Destination IP +
Port) table match.
1) Flow categorization
The target application may generate one or more types of
flows for various services. For ex., VoIP app can generate
flows for login, User search/add, chat, voice and video calls
among other services. We would need to analyze all such
flows separately. If we try to compare a chat flow with a video
call flow, it is obvious that we can not find any potential
signature as those two flows will be having totally different
characteristics.
To overcome this obstacle, one solution is to categorize the
flows based on flow characteristics which would result in the
formation of correct categories, wherein each category
corresponds to one type of the flow. Then after, flows in each
category can be analyzed separately for signatures. Effective
categorization would ensure correct signature suggestion.
We have used statistical analysis for flow categorization.
However, instead of calculating statistical vector for known
protocols, we calculate statistical vector for all application
flows to put them into different categories which are created
on-the-fly. For statistical vector generation, flow properties
like average packet size of whole flow/uplink/downlink,
standard deviation of packet size of whole
flow/uplink/downlink, Shannon entropy are used. K-means
clustering algorithm is used for classifying the flow in
available clusters. Once flows are categorized correctly, we
can examine multiple flows from similar category to find
unique byte patterns among them.
2) Finding unique byte pattern
Byte sequences which appear at a constant offset in packets
across different flows are candidate for the signature set.
To detect such signature, we line up flows of same category.
Then we try to match bytes of 1 st to ith packet of each flow. If
there is a common byte pattern among the flows, the result
would be that pattern. If no common pattern is found, result
would be no match. Fig. 2 shows process of finding unique
byte pattern in given flows. Here, F n denotes flow number and
Pn denotes packet number. For patterns on non-fixed offset, we
use longest common substring algorithm.
Verification test is run for failed applications again with
updated signatures to check detection result of previously
undetected relevant flows. If the test finds few more relevant
flows going undetected, same process is repeated again to get
new signature suggestion for detecting such flows. This process
is repeated until we get all test cases getting passed.
III. TEST SETUP AND RESULT
This section discusses our experimental test setup and results
for proposed method. Fig. 3 shows experimental test setup for
DPI automation verification testing. We run DPI engine on
Cavium Octeon 68XX Multi-Core MIPS64 processor which
runs 32 cores on a single chip to accelerate packet processing.
Figure 2: Finding unique byte pattern for given category
Figure 3: Test setup for DPI testing
All application specific signatures are loaded on DPI
engine. One Windows 7 system with 4 GB RAM and 2.0 GHz
clock was used as test system. Android/iOS Test mobiles were
connected to a Wi-Fi router which was connected to test
system. All packets to/from test mobile pass through test
system. The test system was connected to DPI engine which
examined all packets and forwarded the traffic to destination. If
DPI engine detected any known signature, it saved flow
information in detection table.
We have developed GUITAR test automation scripts for
300+ applications and Appium scripts for 20 apps. The
verification system was tested for apps from categories like
streaming, P2P, VoIP etc. Table 3 shows verification system
performance for various parameters. As the results indicate,
verification system found multiple false positive/negative
detection issues in signature. The system also suggested
HTTP, HTTPS signatures for undetected flows. The accuracy
to find relevant flow kept increasing as more generic/3 rd party
app patterns were added in “Exclude list” by our algorithm.
One important analysis is cost analysis - cost of testing
(man months) vs. cost of script development and running the
test. With multiple apps, manual testing time grows very fast.
However, automation testing requires only one time script
development for those apps and then running the test multiple
times. Fig. 4 shows number of apps vs. total time for both
manual and automated testing. The results clearly indicate that
automation testing saves lot of testing cost. Table 4 shows few
auto signature suggests that we got for various applications.
Table 3: Automated Verification System Performance
Application Issues Signature Relevant flow
Tested Found Suggested Accuracy
Month 1 40 12 6 80%
Month 2 75 15 5 83%
Month 3 115 13 7 89%
Month 4 130 9 5 92%
Figure 4: Cost for Manual Vs Automated test for multiple apps
Table 4: Auto Signature suggestions
HTTP bmimages, fishtank, isapi_solutions, jquery
HTTPS Mzstatic, shopify, thisisaim, truste, disqus
TCP “BitTorrent Protocol”, 0xd13a[ad]
UDP 0x000100242112a442 ,0x00060020
IV. CONCLUSION
An average application signature test can capture hundreds
of HTTP, HTTPS, TCP and UDP flows. Manually checking
detection result for all these flows in detection database is very
slow and error-prone. With automation along with machine
learning algorithms, we save lot of time in regression tests and
find few false positive/negative cases which we tend to
overlook in manual task. With every test run, our “exclude
list” database grows and relevant flow accuracy increases.
Previous mobile test automation attempts were mostly
confined to generating mobile application traffic and testing
the app by generating multiple gestures. We extend that idea
to verify DPI signatures and suggest new signatures for
undetected flows. We use many machine learning algorithms
which keep building non-relevant pattern database after
multiple runs, suggest signature priority change for multiple
matches, and suggest signature change for almost matching
patterns. With that, the signature verification system can
identify issues in existing signatures and update new signature
in short time of new application version release.
We successfully demonstrated that manual, error-prone DPI
signature verification task can be fully automated. This
verification system can identify signature update cases quite
early and suggest changes. In future work, we would add more
intelligence in machine learning algorithms, tighten detection
of all false positive and false negative cases and increase the
accuracy of automated verification system.
REFERENCES
[1] U. Trivedi, "A self-learning stateful application identification method for
Deep Packet Inspection," Computing Technology and Information
Management (ICCM), 2012 8th International Conference on, Seoul,
2012, pp. 416-421.
[2] ACAS: Automated Construction of Application Signatures - Patrick
Haffner, Subhabrata Sen, Oliver Spatscheck, Dongmei Wang
SIGCOMM’05 Workshops, August 22–26, 2005, Philadelphia, PA,
USA.
[3] Jerry Gao, Xiaoying Bai, Wei-Tek Tsai, Tadahiro Uehara, "Mobile
Application Testing: A Tutorial", Computer, vol.47, no. 2, pp. 46-55,
Feb. 2014, doi:10.1109/MC.2013.445
[4] H. Song et al., “An Integrated Test Automation Framework for Testing
on Heterogeneous Mobile Platforms,” Proc. 1st ACIS Int’l Symp.
Software and Network Eng., 2011, pp.141–145
[5] WangY,et al. Generating regular expression signatures for network
traffic classification in trusted network management.JNetwork Comput
Appl (2011), doi:10.1016/j. jnca.2011.03.017
[6] Wang Y, Xiang Y, Yu. SZ. An automatic application signature
construction system for unknown traffic. Concurrency and
Computation–Practice and Experience 2010;22(13):1927–44
[7] appium.io
[8] http://dev.naver.com/projects/guitar
[9] https://www.autoitscript.com/site/