Open AccessMONITORING ANDROID DEVICES BY USING EVENTS AND METADATA
Author(s) -
Markus Schölzel,
Evren Eren,
Kai-Oliver Detken,
Leonid Schwenke
Publication year - 2016
Publication title -
computing
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.184
H-Index - 11
eISSN - 2312-5381
pISSN - 1727-6209
DOI - 10.47839/ijc.15.4.856
Subject(s) - computer science , android (operating system) , metadata , mobile device , computer security , authentication (law) , information sensitivity , audit trail , event (particle physics) , world wide web , audit , operating system , physics , management , quantum mechanics , economics
Mobile devices such as smartphones and tablet PCs are increasingly used for business purposes. However, the trustworthiness of the operating system and apps is controversial. They can constitute a threat to corporate networks and infrastructures, if they are not audited or monitored. The concept of port-based authentication using IEEE 802.1X restricts access and may provide statistical data about users entering or leaving a network, but it does not consider the threat devices can pose if they have already been authenticated and used. Security information and event management (SIEM) software has to incorporate information about mobile devices during their usage. Those devices have to gather and publish information to make this possible. This can be achieved by using a client on the mobile device, which is proposed here. It collects metadata including information about device specific data, platform or system state, which is sent via multiple supported protocols to a central SIEM component, where the data is analyzed in assessment procedures for threat analysis by using artificial intelligence and rule-sets.