Abstract--Current Network Access Control (NAC) technologies manage the access of new devices into a network to prevent rogue devices from attacking network hosts or services. Typically, new devices are checked against a set of manually defined policies (rules) before being granted access by the NAC enforcer. The main difficulty with this approach lies in the generation and update of new policies manually as time elapses and all devices have to reestablish their access rights. The BB-NAC mechanism was the first to introduce a novel Behavior-Based Network Access Control architecture based on behavior profiles and not rules, where behavior-based access control policies were automatically generated. As originally presented, BB-NAC relied on manually pre-determined clusters of behavior which required human intervention and prevented the fully automation of the mechanism. In this paper, we present an enhanced BB-NAC mechanism that fully automatizes the creation of clusters of behavior. The a...