A Study on Formal Methods to Generalize Heterogeneous Mobile Malware Propagation and Their Impacts

Mobile personal devices, such as smartphones, USB thumb drives, and sensors, are becoming essential elements of our modern lives. Their large-scale pervasive deployment within the population has already attracted many malware authors, cybercriminals, and even governments. Since the first demonstration of mobile malware by Marcos Velasco, millions of mobile malware programs have been developed with very sophisticated capabilities. They infiltrate highly secure networks using air-gap jumping capability (e.g., “Hammer Drill” and “Brutal Kangaroo”) and spread through heterogeneous computing and communication platforms. Some of these cross-platform malware attacks are capable of infiltrating isolated control systems, which might be running a variety of operating systems, such as Windows, Mac OS X, Solaris, and Linux. This paper investigates cross-platform/heterogeneous mobile malware that uses removable media, such as USB connections, to spread between incompatible computing platforms and operating systems. In-depth analysis and modeling of cross-platform mobile malware are conducted at the micro (infection) and macro (spread) levels. The micro-level analysis aims to understand the cross-platform malware states and the transitions between these states during node-to-node infection. It also helps derive the parameters essential for macro-level analysis, which are also crucial for the elaboration of suitable detection and prevention solutions. The macro-level analysis aims to identify the most important factors affecting cross-platform mobile malware spread within a digitized population. Through simulation, we show that identifying these factors helps to mitigate any outbreaks.
