How can botnets cause storms? Understanding the evolution and impact of mobile botnets

A botnet in mobile networks is a collection of nodes compromised by mobile malware that are able to perform coordinated attacks. Unlike Internet botnets, mobile botnets do not need to propagate using centralized infrastructures, but can keep compromising vulnerable nodes in close proximity and evolve organically via data forwarding. Such a distributed mechanism relies heavily on node mobility as well as wireless links, and therefore breaks down the underlying premise of existing epidemic modeling for Internet botnets. In this paper, we adopt a stochastic approach to study the evolution and impact of mobile botnets. We find that node mobility can be a trigger for botnet propagation storms: the average size (i.e., number of compromised nodes) of a botnet increases quadratically over time if the mobility range that each node can reach exceeds a threshold; otherwise, the botnet can only contaminate a limited number of nodes, with its average size always bounded above. This also reveals that mobile botnets can propagate at most at a quadratic growth rate in size, which is substantially slower than the exponential growth of Internet botnets. To measure the denial-of-service impact of a mobile botnet, we define a new metric, called last chipper time, which is the last time that service requests, even partially, can still be processed on time as the botnet keeps propagating and launching attacks. The last chipper time is identified to decrease at most on the order of 1/√B, where B is the network bandwidth. This result reveals that although increasing network bandwidth can help mobile services, it can at the same time escalate the risk of services being disrupted by mobile botnets.
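The threshold behaviour described above can be seen in a toy proximity-spread simulation, added here as an illustration and not taken from the paper. It assumes a simplified model in which two nodes can meet when their home positions lie within a hypothetical `reach` (mobility plus radio range) and every bot infects all nodes it can meet once per time step; `build_nodes` and `botnet_size_over_time` are names invented for this example.

```python
import math
import random

def build_nodes(side, seed):
    # Constructed sample: about one node per unit area, placed uniformly.
    rng = random.Random(seed)
    return [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(side * side)]

def botnet_size_over_time(nodes, reach, steps):
    """Botnet size after each step when every bot infects all nodes it can meet.

    Assumption (toy model, not the paper's): two nodes can meet when their home
    positions are within `reach`, standing in for mobility plus radio range.
    """
    # Bucket nodes into reach-sized cells so each neighbour scan stays local.
    cells = {}
    for i, (x, y) in enumerate(nodes):
        cells.setdefault((int(x // reach), int(y // reach)), []).append(i)

    def neighbours(i):
        cx, cy = int(nodes[i][0] // reach), int(nodes[i][1] // reach)
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in cells.get((cx + dx, cy + dy), ()):
                    if j != i and math.dist(nodes[i], nodes[j]) <= reach:
                        yield j

    # Start from the node closest to the centre so edges do not clip growth.
    side = math.sqrt(len(nodes))
    first = min(range(len(nodes)), key=lambda i: math.dist(nodes[i], (side / 2, side / 2)))
    infected, frontier, sizes = {first}, [first], [1]
    for _ in range(steps):
        newly = []
        for i in frontier:
            for j in neighbours(i):
                if j not in infected:
                    infected.add(j)
                    newly.append(j)
        frontier = newly
        sizes.append(len(infected))
    return sizes

if __name__ == "__main__":
    nodes = build_nodes(60, seed=7)
    for reach in (0.5, 2.0):  # a small and a large reach for comparison
        sizes = botnet_size_over_time(nodes, reach, steps=12)
        print(f"reach={reach}: t=6 -> {sizes[6]}, t=12 -> {sizes[12]}")
```

With the small reach the infection stays confined to a handful of nodes, while with the large reach doubling the elapsed time roughly quadruples the botnet size, which is the quadratic growth the abstract refers to.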
