Feedback-based smartphone strategic sampling for BYOD security

Bring Your Own Device (BYOD) is an information technology (IT) policy that allows employees to use their own wireless devices to access the internal network at work. Mobile malware is a major security concern that impedes BYOD's further adoption in enterprises. Existing work identifies the need for better BYOD security mechanisms that balance the strength of such mechanisms against the cost of implementing them. In this paper, based on the idea of a self-reinforcing feedback loop, we propose a periodic smartphone sampling mechanism that significantly improves the effectiveness of BYOD security mechanisms without incurring further costs. We quantify the likelihood that “a BYOD smartphone is infected by malware” by two metrics, vulnerability and uncertainty, and base the iterative sampling process on these two metrics; the updated values of these metrics are fed back into future rounds of the mechanism to complete the feedback loop. We validate the efficiency and effectiveness of the proposed strategic sampling via simulations driven by publicly available, real-world collected traces.
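The feedback loop sketched above, as an added illustration that is not the paper's own code or its metric definitions: each round scans the devices ranked highest by a combined vulnerability/uncertainty score, a scan result updates the scanned device's vulnerability estimate and resets its uncertainty, and the uncertainty of unscanned devices grows until they are eventually sampled. The score weighting, decay and growth rates, and the device fleet are constructed assumptions for the demonstration.

```python
from dataclasses import dataclass


@dataclass
class Device:
    name: str
    vulnerability: float  # assumed: estimated probability the device is infected
    uncertainty: float    # assumed: confidence gap in that estimate, grows while unsampled
    infected: bool        # ground truth, known only to the simulation


def score(d: Device, w: float = 0.5) -> float:
    """Assumed ranking rule: weighted sum of the two metrics."""
    return w * d.vulnerability + (1 - w) * d.uncertainty


def select_sample(devices, k, w=0.5):
    """Pick the k devices with the highest combined score for this round's scan."""
    return sorted(devices, key=lambda d: score(d, w), reverse=True)[:k]


def feedback_round(devices, k, w=0.5, decay=0.5, growth=0.2):
    """One sampling round; scan results are fed back into both metrics."""
    chosen = {d.name for d in select_sample(devices, k, w)}
    detected = []
    for d in devices:
        if d.name in chosen:
            if d.infected:
                detected.append(d.name)
            else:
                d.vulnerability *= decay    # a clean scan lowers the estimate
            d.uncertainty = 0.0             # a fresh observation removes uncertainty
        else:
            d.uncertainty = min(1.0, d.uncertainty + growth)  # unsampled devices drift
    return detected


def run_rounds(devices, rounds, k=1, w=0.5, decay=0.5, growth=0.2):
    """Run several rounds; detected devices leave the pool (assumed: quarantined)."""
    pool, history = list(devices), []
    for _ in range(rounds):
        detected = feedback_round(pool, k, w, decay, growth)
        pool = [d for d in pool if d.name not in detected]
        history.append(detected)
    return history


def demo_fleet():
    """Constructed fleet: D looks harmless but is infected and is reached via uncertainty growth."""
    return [Device("A", 0.9, 0.0, False), Device("B", 0.3, 0.9, True),
            Device("C", 0.5, 0.5, False), Device("D", 0.2, 0.2, True)]
```

In the constructed fleet, B is caught in round 1 on its score, A and C are scanned clean and see their vulnerability decay, and D is reached in round 4 only because its uncertainty kept growing while it went unsampled.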
