Theses and Dissertations
Displaying 1 - 2 of 2
Filtering by
- Creators: Yau, Stephen
Description
Due to the shortcomings of modern Mobile Device Management solutions, businesses
have begun to incorporate forensics to analyze their mobile devices and respond
to any incidents of malicious activity in order to protect their sensitive data. Current
forensic tools, however, can only look a static image of the device being examined,
making it difficult for a forensic analyst to produce conclusive results regarding the
integrity of any sensitive data on the device. This research thesis expands on the
use of forensics to secure data by implementing an agent on a mobile device that can
continually collect information regarding the state of the device. This information is
then sent to a separate server in the form of log files to be analyzed using a specialized
tool. The analysis tool is able to look at the data collected from the device over time
and perform specific calculations, according to the user's specifications, highlighting
any correlations or anomalies among the data which might be considered suspicious
to a forensic analyst. The contribution of this paper is both an in-depth explanation
on the implementation of an iOS application to be used to improve the mobile forensics
process as well as a proof-of-concept experiment showing how evidence collected
over time can be used to improve the accuracy of a forensic analysis.
have begun to incorporate forensics to analyze their mobile devices and respond
to any incidents of malicious activity in order to protect their sensitive data. Current
forensic tools, however, can only look a static image of the device being examined,
making it difficult for a forensic analyst to produce conclusive results regarding the
integrity of any sensitive data on the device. This research thesis expands on the
use of forensics to secure data by implementing an agent on a mobile device that can
continually collect information regarding the state of the device. This information is
then sent to a separate server in the form of log files to be analyzed using a specialized
tool. The analysis tool is able to look at the data collected from the device over time
and perform specific calculations, according to the user's specifications, highlighting
any correlations or anomalies among the data which might be considered suspicious
to a forensic analyst. The contribution of this paper is both an in-depth explanation
on the implementation of an iOS application to be used to improve the mobile forensics
process as well as a proof-of-concept experiment showing how evidence collected
over time can be used to improve the accuracy of a forensic analysis.
ContributorsWhitaker, Jeremy (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Committee member) / Yau, Stephen (Committee member) / Arizona State University (Publisher)
Created2015
Description
The advent of the Internet of Things (IoT) and its increasing appearances in
Small Office/Home Office (SOHO) networks pose a unique issue to the availability
and health of the Internet at large. Many of these devices are shipped insecurely, with
poor default user and password credentials and oftentimes the general consumer does
not have the technical knowledge of how they may secure their devices and networks.
The many vulnerabilities of the IoT coupled with the immense number of existing
devices provide opportunities for malicious actors to compromise such devices and
use them in large scale distributed denial of service attacks, preventing legitimate
users from using services and degrading the health of the Internet in general.
This thesis presents an approach that leverages the benefits of an Internet Engineering
Task Force (IETF) proposed standard named Manufacturer Usage Descriptions,
that is used in conjunction with the concept of Software Defined Networks
(SDN) in order to detect malicious traffic generated from IoT devices suspected of
being utilized in coordinated flooding attacks. The approach then works towards
the ability to detect these attacks at their sources through periodic monitoring of
preemptively permitted flow rules and determining which of the flows within the permitted
set are misbehaving by using an acceptable traffic range using Exponentially
Weighted Moving Averages (EWMA).
Small Office/Home Office (SOHO) networks pose a unique issue to the availability
and health of the Internet at large. Many of these devices are shipped insecurely, with
poor default user and password credentials and oftentimes the general consumer does
not have the technical knowledge of how they may secure their devices and networks.
The many vulnerabilities of the IoT coupled with the immense number of existing
devices provide opportunities for malicious actors to compromise such devices and
use them in large scale distributed denial of service attacks, preventing legitimate
users from using services and degrading the health of the Internet in general.
This thesis presents an approach that leverages the benefits of an Internet Engineering
Task Force (IETF) proposed standard named Manufacturer Usage Descriptions,
that is used in conjunction with the concept of Software Defined Networks
(SDN) in order to detect malicious traffic generated from IoT devices suspected of
being utilized in coordinated flooding attacks. The approach then works towards
the ability to detect these attacks at their sources through periodic monitoring of
preemptively permitted flow rules and determining which of the flows within the permitted
set are misbehaving by using an acceptable traffic range using Exponentially
Weighted Moving Averages (EWMA).
ContributorsChang, Laurence Hao (Author) / Yau, Stephen (Thesis advisor) / Doupe, Adam (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2018