ABSTRACT
Behaviour profiling is used in organisations to identify the working patterns of agents: humans or devices. It can be used to detect abnormal patterns of devices in an organisation’s BYOD network to help control network access. Although BYOD offers great benefits of improving productivity and job satisfaction while reducing cost, it raises security issues around access control and has limitations in addressing insider threat scenarios. This means that motivated and determined attackers with valid access credentials can exploit these weaknesses to compromise the system. The limitations of mobile devices can mean that traditional network access control mechanisms are ineffective in addressing insider threats, and can impact device capacity and functionality. Thus, it is crucial to explore other ways of identifying insider threats from anomalous device behaviours. We propose device-type profiling for threat detection, which uses the packet inter-arrival time patterns of devices to automatically identify abnormal device types. Experimental tests using the clustering-based multivariate Gaussian outlier score (CMGOS) to clearly distinguish and label normal and abnormal inter-arrival time patterns yielded promising results. This affirms the effectiveness of the proposed approach in supporting system administrators in monitoring and detecting insider threats for a timely and effective access control response.
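The scoring idea named in the abstract, as an added sketch that is not code from the paper: each capture window is reduced to two inter-arrival-time features, the windows are clustered, and each window is scored by its squared Mahalanobis distance to its own cluster divided by a chi-square quantile, so a score above 1 marks an outlier. The two features (mean and standard deviation), plain k-means, the 0.975 quantile, all function names and the sample windows are assumptions of this sketch.

```python
import math
from itertools import accumulate
from statistics import mean, pstdev

def iat_features(ts):
    """(mean, std dev) of packet inter-arrival times in one capture window."""
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return (mean(gaps), pstdev(gaps))

def kmeans(pts, k, rounds=25):
    """Lloyd's k-means with deterministic seeds spread over the sorted points."""
    srt = sorted(pts)
    cents = [srt[i * (len(srt) - 1) // max(k - 1, 1)] for i in range(k)]
    for _ in range(rounds):
        labels = [min(range(k), key=lambda c: math.dist(p, cents[c])) for p in pts]
        for c in range(k):
            own = [p for p, l in zip(pts, labels) if l == c]
            if own:
                cents[c] = tuple(mean(axis) for axis in zip(*own))
    return cents, labels

def cmgos_scores(pts, k, p=0.975):
    """Squared Mahalanobis distance to own cluster / chi-square quantile."""
    cents, labels = kmeans(pts, k)
    chi2 = -2.0 * math.log(1.0 - p)  # exact chi-square quantile for 2 features
    cov = {}
    for c in range(k):
        own = [q for q, l in zip(pts, labels) if l == c]
        n = max(len(own) - 1, 1)
        dx = [q[0] - cents[c][0] for q in own]
        dy = [q[1] - cents[c][1] for q in own]
        cov[c] = (sum(a * a for a in dx) / n, sum(b * b for b in dy) / n,
                  sum(a * b for a, b in zip(dx, dy)) / n)
    scores = []
    for q, l in zip(pts, labels):
        sxx, syy, sxy = cov[l]
        dx, dy = q[0] - cents[l][0], q[1] - cents[l][1]
        det = sxx * syy - sxy * sxy or 1e-12  # guard against a degenerate cluster
        scores.append((dx * dx * syy - 2 * dx * dy * sxy + dy * dy * sxx) / det / chi2)
    return scores

def window(m, d, pairs=5):  # constructed timestamps (ms): gaps alternate m-d, m+d
    return list(accumulate([m - d, m + d] * pairs, initial=0.0))

# Constructed sample: two device types, then one window that fits neither profile.
TYPE_A = [window(m, d) for m in (8, 9, 10, 11, 12) for d in (1, 1.5, 2, 2.5, 3)]
TYPE_B = [window(m, d) for m in (46, 48, 50, 52, 54) for d in (6, 7, 8, 9, 10)]
POINTS = [iat_features(w) for w in TYPE_A + TYPE_B + [window(25, 1)]]
SCORES = cmgos_scores(POINTS, k=2)
FLAGGED = [i for i, s in enumerate(SCORES) if s > 1.0]
```

Because an outlier inflates the covariance of the cluster it is scored against, a cluster of n windows can never produce a squared distance above (n-1)²/n, so very small clusters hide their own anomalies. This sketch estimates the covariance without any outlier removal or robust estimator.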