Bachelor thesis · Metadata-only mobile traffic monitoring

Detect mobile network anomalies without reading payloads.

MANTA measures the detection-privacy trade-off in encrypted Android traffic. The project asks whether flow metadata can provide useful anomaly signals while reducing the telemetry exported from the device.

Android endpointLocal windowsflow duration · ports · packet counts · timing
payload hidden
Privacy filtermetadata only
Server backendingest · policy · triage
Anomaly score0.82

Overall thesis

What the website should explain first.

Problem

Encrypted traffic limits payload inspection.

Modern Android traffic is mostly encrypted. MANTA studies what can still be detected from flow metadata without reading message contents.

Artifact

Android endpoint, server backend, and ML pipeline.

The implementation captures local flow windows, scores anomalies, exports privacy-tiered telemetry, and evaluates model utility against privacy leakage.

Research question

How much detection signal survives telemetry reduction?

The thesis compares full and reduced feature views, on-device models, backend models, and observer leakage under reproducible public-corpus experiments.

Architecture

Four parts, one measurement question.

Mobile Endpoint

VpnService-based Android capture, local feature windows, consent controls, and on-device anomaly scoring.

Privacy Filter

Export tiers decide which metadata features leave the device. Payload content is not inspected.

Server Backend

Authenticated ingest, queueing, policy sync, model control, triage, and analyst feedback endpoints.

Evaluation Pipeline

Public-dataset training, privacy views, leakage benchmarks, calibration, and reproducible evidence exports.

Evaluation snapshot

Results are framed as a trade-off, not a magic privacy claim.

MANTA reduces exported telemetry and measures the utility loss. It also documents that passive traffic analysis remains a serious limitation, even when payloads are never inspected.

6,034,487public-corpus flows
904,371aggregated 60-second windows
0.961high-recall Android RF F1
0.135strict-view exact app leakage