As enterprises embrace mobile technologies and enable their employees to bring their own devices, traditional security mechanisms are challenged by the col-location of personal and business activities on employee-owned mobile devices on the enterprise network. This presents a new risk to enterprises as employee-owned devices can now be used as stepping stones for bypassing traditional enterprise perimeter security. Current Bring Your Own device (BYOD) programs usually either do not manage employee-owned devices or are limited by self-enrollment and device heterogeneity challenges. In this paper, we introduce a novel, nonintrusive big data analytics methodology to obtain visibility into mobile device usage. At the heart of the methodology is an inference algorithm that uses a dynamic decision tree in near real-time to fingerprint mobile devices and their usage by analyzing passively collected network data. Information, such as device type, device model, and operating systems/versions, as well as applications and their patch level, can be inferred—all without an agent installed on the devices. We correlate such information with supplemental security intelligence (e.g., vulnerability information) to discover previously unknown mobile devices on an organization's network and to establish their security posture and risk. Our evaluation on a major corporate network indicates that mobile devices can be reliably identified while mitigating their potential threats, thus demonstrating that our methodology provides valuable insights to enterprise security administrators
[1]
Yong Liao,et al.
AppPrint: Automatic Fingerprinting of Mobile Applications in Network Traffic
,
2015,
PAM.
[2]
Michele Colajanni,et al.
A collaborative framework for intrusion detection in mobile networks
,
2015,
Inf. Sci..
[3]
Shu-Chiung Lin,et al.
Simple and effective method for detecting abnormal internet behaviors of mobile devices
,
2015,
Inf. Sci..
[4]
Rui Wang,et al.
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow
,
2010,
2010 IEEE Symposium on Security and Privacy.
[5]
Michele Colajanni,et al.
The Problem of NIDS Evasion in Mobile Networks
,
2011,
2011 4th IFIP International Conference on New Technologies, Mobility and Security.
[6]
Yajin Zhou,et al.
Dissecting Android Malware: Characterization and Evolution
,
2012,
2012 IEEE Symposium on Security and Privacy.
[7]
Qiang Xu,et al.
Identifying diverse usage behaviors of smartphone apps
,
2011,
IMC '11.
[8]
Ling Huang,et al.
I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis
,
2014,
Privacy Enhancing Technologies.