Mark Guido - MITRE
Sep 17, 2014
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"MITRE/Purdue Mobile Masquerading User Experiment"
Periodic Mobile Forensics (PMF) is a MITRE research project investigating user behavioral measurement on mobile devices by applying both traditional and mobile forensics processes. We applied our research to an enterprise mobile infrastructure, where we utilize a mobile on-device agent named TractorBeam. This agent periodically collects changed storage locations from each device to allow for later image reconstruction and analysis. We collaborated with Purdue University to perform a three-month experiment where we evaluated TractorBeam's operation in a simulated operational setting to identify masquerading users (i.e., users operating the devices other than the enterprise designated mobile device user). We surmised that even if a masquerading user on an enterprise mobile device lacked malicious intent; this masquerader would still be undesirable to the enterprise. On campus, we provided a set of human-subject volunteers the following: preconfigured mobile devices with cellular voice and data plans, also with the TractorBeam agent pre-installed; a simple acceptable use policy; and deceptive project background information to stimulate normal behavior. As a result of the experiment, we collected enough data to successfully reconstruct 821 forensic images, extract over 1 million audit events, and perform masquerading user analysis. This presentation describes PMF and characterizes the collected experiment corpus, the extracted audit events, and the performance of TractorBeam throughout the protocol. Then our approach for advanced masquerading detection will be discussed.
About the Speaker
Mr. Mark Guido is a principal cyber engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are on mobile forensics and insider threat (user behavioral measurement).
Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than twelve years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers to stand up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations.
Mr. Guido has a bachelor's degree in computer science from Springfield College and a master's degree in computer science from the George Washington University.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...