The present invention extracts information from the HTTP protocol messages transmitted between a Wireless Communication Device and an Access Point immediately after they establish authentication. By inspecting data from the header and the body of HTTP protocol messages, different machine-learning classifiers tailored for different learning purposes are applied. The combination of machine learning models is used to detect different AP characteristics, such as the reliability of the AP to the user. Technique may be performed passively, by analyzing the network events that occurs in the network, such as the captive portal detection, or actively, by send a single HTTP request packet to the AP. The present invention may only use the first HTTP response packet for classification. In this scenario, the present invention may use one machine-learning up to three machine-learning models for classification. However, an HTTP packet response may incur an HTTP redirect chain and more packets would be exchanged between client and AP.

In that scenario, if the next HTTP packet transmitted are not HTTPS, more models may be applied for each next packet response. A unique model may be trained for all packets, or each model may have a model tailored for the packet considering its order in the HTTP redirect chain.

Finally, the final decision of the classification may use the output for each model combined, separated by weights or not, and tailored with model-specific threshold values or not. For example, if the HTTP header fingerprint model had a strong result weight, its classification output has more impact in the final decision, and the use of other models would not be necessary for that case.