456 research outputs found

    Modelling the malware propagation in mobile computer devices

    Nowadays malware is a major threat to the security of cyber activities. The rapid development of the Internet and the progressive implementation of the Internet of Things (IoT) increase the security needs of networks. This research presents a theoretical model of malware propagation for mobile computer devices. It is based on the susceptible-exposed-infected-recovered-susceptible (SEIRS) epidemic model. The scheme is based on a concrete connection pattern between nodes defined by both a particular neighbourhood which fixes the connection between devices, and a local rule which sets whether the link is infective or not. The results corroborate the ability of our model to perform the behaviour patterns provided by the ordinary differential equation (ODE) traditional method.

    Scattered Security System for Mobile Networks through Assorted Contraption

    Malware is malevolent programming which irritates the system PC operation, hacking the touchy data and gets to the private frameworks. It is only a project which is particularly intended to harm the PC it might be an infection or worm. Along these lines, keeping in mind the end goal to defeat this issue a two-layer system model is exhibited for reenacting infection spread through both Bluetooth and SMS. The two strategies are examined for controlling the versatile infection engendering. i.e., preimmunization and versatile appropriation strategies drawing on the philosophy of self-sufficiency situated processing (AOC). Yet, this strategy does not consider the mixture infections that disperse by means of both BT and SMS channels. In this way, to expand the productivity of controlling the engendering of cell telephone infections, we present a creative methodology called a Hybrid infection identification model. The cross breed malware can be disseminated by both end to-end informing administrations through individual social correspondences and short-extend remote correspondence administrations. In this system, another differential comparison based technique is proposed to analyze the blended practices of   Delocalized virus and swell based spread for the cross breed malware in summed up informal communities including of individual and spatial social relations. A test result demonstrates that the proposed framework is computationally viable to recognize the crossover malware. Studies on the engendering of malware in versatile systems have uncovered that the spread of malware can be very inhomogeneous. Stage differing qualities, contact list use by the malware, grouping in the system structure, and so on can likewise prompt contrasting spreading rates. In this paper, a general formal structure is proposed for utilizing such heterogeneity to infer ideal fixing approaches that achieve the base total cost because of the spread of malware and the extra charge of fixing. 
Utilizing Pontryagin's Maximum Principle for a stratified scourge model, it is logically demonstrated that in the mean-field deterministic administration, ideal patch spreads are straightforward single-edge arrangements. Through numerical recreations, the conduct of ideal fixing approaches is examined in test topologies and their points of interest are illustrated

    Storms in mobile networks

    Mobile networks are vulnerable to signalling attacks and storms caused by traffic that overloads the control plane through excessive signalling, which can be introduced via malware and mobile botnets. With the advent of machine-to-machine (M2M) communications over mobile networks, the potential for signalling storms increases due to the normally periodic nature of M2M traffic and the sheer number of communicating nodes. Several mobile network operators have also experienced signalling storms due to poorly designed applications that result in service outage. The radio resource control (RRC) protocol is particularly susceptible to such attacks, motivating this work within the EU FP7 NEMESYS project which presents simulations that clarify the temporal dynamics of user behavior and signalling, allowing us to suggest how such attacks can be detected and mitigated.

    Internet Epidemics: Attacks, Detection and Defenses, and Trends


    Propagation, Detection and Containment of Mobile Malware.

    Today's enterprise systems and networks are frequent targets of malicious attacks, such as worms, viruses, spyware and intrusions that can disrupt, or even disable critical services. Recent trends suggest that by combining spyware as a malicious payload with worms as a delivery mechanism, malicious programs can potentially be used for industrial espionage and identity theft. The problem is compounded further by the increasing convergence of wired, wireless and cellular networks, since virus writers can now write malware that can crossover from one network segment to another, exploiting services and vulnerabilities specific to each network. This dissertation makes four primary contributions. First, it builds more accurate malware propagation models for emerging hybrid malware (i.e., malware that use multiple propagation vectors such as Bluetooth, Email, Peer-to-Peer, Instant Messaging, etc.), addressing key propagation factors such as heterogeneity of nodes, services and user mobility within the network. Second, it develops a proactive containment framework based on group-behavior of hosts against such malicious agents in an enterprise setting. The majority of today's anti-virus solutions are reactive, i.e., these are activated only after a malicious activity has been detected at a node in the network. In contrast, proactive containment has the potential of closing the vulnerable services ahead of infection, and thereby halting the spread of the malware. Third, we study (1) the current-generation mobile viruses and worms that target SMS/MMS messaging and Bluetooth on handsets, and the corresponding exploits, and (2) their potential impact in a large SMS provider network using real-life SMS network data. Finally, we propose a new behavioral approach for detecting emerging malware targeting mobile handsets. Our approach is based on the concept of generalized behavioral patterns instead of traditional signature-based detection. 
The signature-based methods are not scalable for deployment in mobile devices due to limited resources available on today's typical handsets. Further, we demonstrate that the behavioral approach not only has a compact footprint, but also can detect new classes of malware that combine some features from existing classes of malware.
    Ph.D. Computer Science & Engineering. University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/60849/1/abose_1.pd

    Malware Propagation in Online Social Networks: Modeling, Analysis and Real-world Implementations

    The popularity and widespread usage of online social networks (OSNs) have attracted hackers and cyber criminals to use OSNs as an attack platform to spread malware. Over the last few years, Facebook users have experienced hundreds of malware attacks. A successful attack can lead to tens of millions of OSN accounts being compromised and computers being infected. Cyber criminals can mount massive denial of service attacks against Internet infrastructures or systems using compromised accounts and computers. Malware infecting a user's computer has the ability to steal login credentials and other confidential information stored on the computer, install ransomware and infect other computers on the same network. Therefore, it is important to understand propagation dynamics of malware in OSNs in order to detect, contain and remove them as early as possible. The objective of this dissertation is thus to model and study propagation dynamics of various types of malware in social networks such as Facebook, LinkedIn and Orkut. In particular:
    - we propose analytical models that characterize propagation dynamics of cross-site scripting and Trojan malware, the two major types of malware propagating in OSNs. Our models assume the topological characteristics of real-world social networks, namely, low average shortest distance, power-law distribution of node degrees and high clustering coefficient. The proposed models were validated using a real-world social network graph.
    - we present the design and implementation of a cellular botnet named SoCellBot that uses the OSN platform as a means to recruit and control cellular bots on smartphones. SoCellBot utilizes OSN messaging systems as communication channels between bots. We then present a simulation-based analysis of the botnet's strategies to maximize the number of infected victims within a short amount of time and, at the same time, minimize the risk of being detected.
    - we describe and analyze emerging malware threats in OSNs, namely, clickjacking, extension-based and Magnet malware. We discuss their implementations and working mechanics, and analyze their propagation dynamics via simulations.
    - we evaluate the performance of several selective monitoring schemes used for malware detection in OSNs. With selective monitoring, we select a set of important users in the network and monitor their and their friends' activities and posts for malware threats. These schemes differ in how the set of important users is selected. We evaluate and compare the effectiveness of several selective monitoring schemes in terms of malware detection in OSNs.