A Social Network Based Patching Scheme for Worm Containment in Cellular Networks

Recently, cellular phone networks have begun allowing third-party applications to run over certain open-API phone operating systems such as Windows Mobile, Iphone and Google’s Android platform. However, with this increased openness, the fear of rogue programs written to propagate from one phone to another becomes ever more real. This chapter proposes a counter-mechanism to contain the propagation of a mobile worm at the earliest stage by patching an optimal set of selected phones. The counter-mechanism continually extracts a social relationship graph between mobile phones via an analysis of the network traffic. As people are more likely to open and download content that they receive from friends, this social relationship graph is representative of the most likely propagation path of a mobile worm. The counter-mechanism partitions the social relationship graph via two different algorithms, balanced and clustered partitioning and selects an optimal set of phones to be patched first as those have the capability to infect the most number of other phones. The performance of these partitioning algorithms is compared against a benchmark random partitioning scheme. Through extensive trace-driven experiments using real IP packet traces from one of the largest cellular networks in the US, we demonstrate the efficacy of our proposed counter-mechanism in containing a mobile worm.

[1]  Jaap C. Haartsen,et al.  The Bluetooth radio system , 2000, IEEE Personal Communications.

[2]  Wenke Lee,et al.  Modeling Botnet Propagation Using Time Zones , 2006, NDSS.

[3]  Kang G. Shin,et al.  Proactive security for mobile messaging networks , 2006, WiSe '06.

[4]  Tamara G. Kolda,et al.  Graph partitioning models for parallel computing , 2000, Parallel Comput..

[5]  Kang G. Shin,et al.  Detecting energy-greedy anomalies and mobile malware variants , 2008, MobiSys '08.

[6]  Ayalvadi J. Ganesh,et al.  On the effectiveness of automatic patching , 2005, WORM '05.

[7]  Srinivasan Keshav,et al.  Multimedia messaging service: system description and performance analysis , 2005, First International Conference on Wireless Internet (WICON'05).

[8]  SeongHan Shin,et al.  Leakage-resilient security architecture for mobile IPv6 in wireless overlay networks , 2005, IEEE Journal on Selected Areas in Communications.

[9]  Jie Wu,et al.  CPMC: An Efficient Proximity Malware Coping Scheme in Smartphone-based Mobile Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[10]  William H. Sanders,et al.  Quantifying the Effectiveness of Mobile Phone Virus Response Mechanisms , 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).

[11]  Geoffrey M. Voelker,et al.  Defending Mobile Phones from Proximity Malware , 2009, IEEE INFOCOM 2009.

[12]  Brian D. Noble,et al.  Modeling epidemic spreading in mobile environments , 2005, WiSe '05.

[13]  Ahren Studer,et al.  Empirical Analysis of Rate Limiting Mechanisms , 2005, RAID.

[14]  Songwu Lu,et al.  SmartSiren: virus detection and alert for smartphones , 2007, MobiSys '07.

[15]  Krishna P. Gummadi,et al.  Exploiting Social Interactions in Mobile Systems , 2007, UbiComp.

[16]  Donald F. Towsley,et al.  The monitoring and early detection of Internet worms , 2005, IEEE/ACM Transactions on Networking.

[17]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[18]  Chris Walshaw,et al.  Parallel optimisation algorithms for multilevel mesh partitioning , 2000, Parallel Comput..

[19]  Songwu Lu,et al.  Analysis of the Reliability of a Nationwide Short Message Service , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[20]  Thomas F. La Porta,et al.  Exploiting open functionality in SMS-capable cellular networks , 2008, J. Comput. Secur..

[21]  S.,et al.  An Efficient Heuristic Procedure for Partitioning Graphs , 2022 .

[22]  Albert-László Barabási,et al.  Understanding the Spreading Patterns of Mobile Phone Viruses , 2009, Science.

[23]  David Moore,et al.  Internet quarantine: requirements for containing self-propagating code , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[24]  Daniel P. W. Ellis,et al.  White Worms Don't Work , 2006, Login: The Usenix Magazine.

[25]  Donald F. Towsley,et al.  Monitoring and early warning for internet worms , 2003, CCS '03.

[26]  Stefan Savage,et al.  The Spread of the Sapphire/Slammer Worm , 2003 .

[27]  George Karypis,et al.  Parmetis parallel graph partitioning and sparse matrix ordering library , 1997 .

[28]  Sencun Zhu,et al.  A Chain Reaction DoS Attack on 3G Networks: Analysis and Defenses , 2009, IEEE INFOCOM 2009.

[29]  Kang G. Shin,et al.  Behavioral detection of malware on mobile handsets , 2008, MobiSys '08.

[30]  Sencun Zhu,et al.  Improving sensor network immunity under worm attacks: a software diversity approach , 2008, MobiHoc '08.

[31]  Vipin Kumar,et al.  Graph partitioning for high-performance scientific simulations , 2003 .

[32]  Vipin Kumar,et al.  A Fast and High Quality Multilevel Scheme for Partitioning Irregular Graphs , 1998, SIAM J. Sci. Comput..

[33]  Geoffrey M. Voelker,et al.  Can you infect me now?: malware propagation in mobile phone networks , 2007, WORM '07.