The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Mark Guido - MITRE

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

MITRE/Purdue Mobile Masquerading User Experiment

Sep 17, 2014

Download: Video Icon MP4 Video Size: 183.2MB  
Watch on Youtube Watch on YouTube


Periodic Mobile Forensics (PMF) is a MITRE research project investigating user behavioral measurement on mobile devices by applying both traditional and mobile forensics processes. We applied our research to an enterprise mobile infrastructure, where we utilize a mobile on-device agent named TractorBeam. This agent periodically collects changed storage locations from each device to allow for later image reconstruction and analysis. We collaborated with Purdue University to perform a three-month experiment where we evaluated TractorBeam's operation in a simulated operational setting to identify masquerading users (i.e., users operating the devices other than the enterprise designated mobile device user). We surmised that even if a masquerading user on an enterprise mobile device lacked malicious intent; this masquerader would still be undesirable to the enterprise. On campus, we provided a set of human-subject volunteers the following: preconfigured mobile devices with cellular voice and data plans, also with the TractorBeam agent pre-installed; a simple acceptable use policy; and deceptive project background information to stimulate normal behavior. As a result of the experiment, we collected enough data to successfully reconstruct 821 forensic images, extract over 1 million audit events, and perform masquerading user analysis. This presentation describes PMF and characterizes the collected experiment corpus, the extracted audit events, and the performance of TractorBeam throughout the protocol. Then our approach for advanced masquerading detection will be discussed.

About the Speaker

Mr. Mark Guido is a principal cyber engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are on mobile forensics and insider threat (user behavioral measurement).
Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than twelve years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers to stand up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations.
Mr. Guido has a bachelor's degree in computer science from Springfield College and a master's degree in computer science from the George Washington University.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!