Temporal Complex Network Measures for Mobile Malware Containment

Picture the scene: you've bought a shiny new smartphone and have been customising it all weekend by installing various apps from the app store. The following week, however, you encounter a run of bad luck...

...first your house is burgled when you're at work, next your credit card is maxed out, your friends have been receiving spam text messages from you and to top it off, weeks later, some of your colleagues have had the same experience; what is going on?

Unbeknown to you, within one of these seemingly innocuous apps lurks a piece of mobile malware (mobware) with access to a wealth of personal information, which an attacker can retrieve remotely. First, the app can track your location using GPS, from which an attacker can infer when you are away from the house; second, it can key-log your mobile banking app to gain access to your credit card; third, an attacker can send messages on your behalf to everyone in your phonebook; and finally, the app can use Bluetooth to jump from your device to another nearby device.

This might all seem far-fetched, but the technology is available right now. A recent ENISA report highlights the threats that mobware poses to personal and business users [1], and the latest McAfee Labs report shows that mobware is on the rise [2].

What makes mobile malware interesting, compared to malware on traditional fixed networks, is that it can replicate itself via both long-range (SMS, MMS, email etc.) and short-range (Bluetooth, WiFi etc.) methods. Long-range worms could be filtered by your service operator; short-range worms, however, evade such detection, and hence stopping the spread of such worms is of considerable interest.

Since mobile phones are commonly carried on the person, these short-range Bluetooth worms spread like biological viruses; however, due to limited bandwidth, we can't send a patch directly to the tens of millions of devices. The key questions are then: can we identify the best devices to patch, and how do we disseminate the patch?

We address this problem in a paper to be presented at the upcoming IEEE WoWMoM 2011 conference, which was also highlighted in MIT Tech Review.

Epidemics and network robustness are well-studied areas in traditional complex network research [3]; however, that work is based on a static representation of the network. Clearly the network of device-to-device encounters changes over time; our paper describes techniques to model this time-varying network more realistically and also how to identify two types of key devices: devices which mediate a lot of communication channels and devices which can spread a message quickly to many devices. We call these measures temporal betweenness centrality and temporal closeness centrality, respectively.

From this, we investigate two possible methods for stopping mobware in its tracks:

  • Firstly, sending the patch to key mediators in the network; these are devices which in theory bridge the most communication paths.  Surprisingly, however, we find that in dynamic networks there are so many alternative paths that the malware can simply find a way around.
  • In our second scheme, we take advantage of the same channels as the mobile worm by opportunistically spreading the patch and find that temporal closeness identifies devices which can catch up and contain the worm in a finite time.
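
As an added illustration (not code from the paper or its authors), the sketch below ranks devices on a constructed contact trace by a simplified temporal closeness, taken here as the mean earliest-arrival delay of a patch passed along time-ordered contacts, and compares that with closeness on the time-aggregated static graph. The trace, the device names and the horizon penalty for unreachable devices are assumptions; the paper's exact definitions may differ.

```python
from collections import deque

# Constructed contact trace (not from the paper): (time_slot, device, device).
CONTACTS = [(1, "A", "B"), (1, "A", "C"), (3, "C", "D"),
            (5, "H", "A"), (6, "H", "B"), (7, "H", "C"), (8, "H", "D")]
DEVICES = sorted({d for _, a, b in CONTACTS for d in (a, b)})

def earliest_arrival(contacts, source):
    """Earliest slot at which a patch released at `source` (slot 0) reaches each device."""
    arrival = {source: 0}
    for t, a, b in sorted(contacts):
        for u, v in ((a, b), (b, a)):
            # u must hold the patch before slot t to hand it over during t,
            # so a message makes at most one hop per slot
            if u in arrival and arrival[u] < t and v not in arrival:
                arrival[v] = t
    return arrival

def temporal_closeness(contacts, devices):
    """Mean delivery delay from each device to all others (lower is better)."""
    # Assumption: devices never reached are charged a horizon of last slot + 1.
    horizon = max(t for t, _, _ in contacts) + 1
    scores = {}
    for s in devices:
        arrival = earliest_arrival(contacts, s)
        delays = [arrival.get(d, horizon) for d in devices if d != s]
        scores[s] = sum(delays) / len(delays)
    return scores

def static_closeness(contacts, devices):
    """Mean hop count on the time-aggregated graph, ignoring contact order."""
    adj = {d: set() for d in devices}
    for _, a, b in contacts:
        adj[a].add(b)
        adj[b].add(a)
    scores = {}
    for s in devices:
        hops, queue = {s: 0}, deque([s])
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v not in hops:
                    hops[v] = hops[u] + 1
                    queue.append(v)
        dists = [hops.get(d, len(devices)) for d in devices if d != s]
        scores[s] = sum(dists) / len(dists)
    return scores

def best(scores):
    return min(scores, key=scores.get)
```

On this trace the static graph picks the hub H, which meets every device but only late in the trace, while the temporal measure picks A, whose early contacts let a patch spread soonest.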

This work paves the way for further studies into the relationship between time-varying graphs and the containment of mobware.

Exploiting Temporal Complex Network Metrics in Mobile Malware Containment
John Tang, Cecilia Mascolo, Mirco Musolesi, Vito Latora
In Proceedings of the 12th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WOWMOM2011). Lucca, Italy. June 2011. [PDF]

[1] Hogben, G. & Dekker, M. Smartphones: Information security risks, opportunities and recommendations for users. (ENISA: 2010)
[2] McAfee Threats Report: First Quarter 2011. (McAfee Labs: 2011)
[3] Albert, R., Jeong, H. & Barabasi, A.-L. Error and attack tolerance of complex networks. Nature 406, 378-382 (2000).

Comments (1) Trackbacks (0)
  1. Oh !!these viruses are so rogue…..
