Monitoring Mobile Device Vitals for Effective Reporting (ER)

This paper outlines how to proactively screen the health of a corporate network and perform first aid by systematically monitoring vital signs of mobile devices within the network. The first contribution is the set of vital signs consisting of event activities such as registry content changes, active processes, open ports, power usage thresholds, and power signatures (using the Battery-based intrusion detection system) to detect and prevent system intrusions. These vital signs are periodically reported back to a monitor using agents we designed for effective reporting (ER). These ER agents are installed in hosts and routers throughout the network. To minimize communications overhead, we achieve a size reduction of the raw, XML health reports by over 98% in a short-list, delta-set update. As a result, a 1.07 MB update was reduced to only 3,756 B. These updates are received by the ER monitor(s) and analyzed using existing intrusion detection and prevention systems providing a means to diagnose and isolate potential health hazards within the network that are not perceptible to individual devices