Can You Infect Me Now? Malware Propagation in Mobile Phone Networks
Authors:
Presented by: Michael Annichiarico
Mobile Malware
Like normal malware, but on mobile phones (smart phones and dumb ones too)
Why worry about mobile malware?
  “combination of vulnerable platforms (Symbian), unsuspecting users, and explosive growth in potential victims will inevitably attract propagating malware”
What Makes This Paper Different?
Previous malware propagation research:
  Proximity propagation
  Bluetooth, etc.
This research:
  Focuses on propagation via the telecommunications network
Why Mobile Malware? (from the bad guy's perspective)
Smart phones are a lot like PCs:
  market share per OS (72% Symbian)
  software vulnerabilities exist
Exploited smart phones could provide an attacker with means to:
  steal private data / users' identities
  spam
  make free calls
  execute (D)DoS
Main Paper Goal(s)
Simulate the effects of mobile malware propagation via the telecommunications network
  Simulated both VoIP malware and MMS malware
Draw some conclusions for defending
Simulator
Event Driven, Custom Code. (so they could better adapt for their needs)
1 second step size, stepping 12 hours
Infection beginning at a single phone
Telecom Network: UMTS
Topology: Boston Metro Area
Network: UMTS
UMTS is the 3G successor to GSM (2.5G/GPRS, 2.75G/EDGE)
  Network side is very similar to GSM, air interface side changed to support higher data rates.
Signaling and control are negligible (ignored in the model)
Topology: Boston Metro Area
100 sq miles, divided into 1 sq mile cells
Mobile Station distribution from US Census data scaled by 78% (by cell phone penetration)
Mobility is not modeled
  Authors speculate the bottleneck will be in the network, not at the air interface
Simplified UMTS Network
Simulation Construction
Assume normal MMS usage is based on a charge per message
MMS Server Capacity
  Server handles 100 msg/sec, although higher rates were simulated with “a qualitatively similar result”
  Authors' explanation: MMS server will not be dimensioned to handle users behaving like an aggressive worm (i.e., sending large numbers of messages as quickly as possible).
Bottom-up design of the UMTS Network
Modeled UMTS Network
Simulation Parameters
1 single server serving 100 msg/sec
49 servers serving 10k users each
49 servers
9616 Node B's
2Mbps
100Mbps
1Gbps links between SGSNs
Simulation Notes
“The granularity of our Node B placement was a limiting factor of our initial population data. A finer granularity would, no doubt, offer a more detailed and accurate picture of malware propagation.”
Spreading via Phone books/Contact Lists
No published studies of address book characteristics found, so:
1-1000 contacts (upper limit from empirical data on phone book maximums)
Phone book/contact degree distributions based on statistical analysis
Phonebook/contact degree distributions (for contact list size)
Power-Law: from Yahoo email groups, and other authors' research.
Log-Normal: from social networking websites' statistics.
Erlang distribution: from authors' experiment (but very small sample size of 73)
Node Attachment ... you don't call everybody in your address book
Probabilistically randomly assign address book size based on distribution, then...
70% - “The probability that two users were friends was proportional to the inverse of the number of people between them.” (from LiveJournal.com study)
30% uniformly randomly assigned
Attack Vector: VoIP
Assumes vulnerable service on the mobile phone which does not require user interaction
Assume all phones are vulnerable. (Authors note that in reality a fraction would be vulnerable, and they state a qualitatively similar result)
Simulated Propagation of VoIP Malware
“...constrained bandwidth should also be considered; but doing so requires estimating typical traffic characteristics, and we lacked meaningful data on which to base such estimates.” --- ?????
Techniques for Faster Propagation of VoIP Malware (and Simulation Results)
Divide and distribute (transfer) contacts from address book
Congestion backoff (wait) 10s
Attack Vector: MMS
Handled by central MMS server
Requires user interaction
  Only a percentage “F” act on message
Can be done while phone is off
  So there is a wait time to answer messages.
  Mixture of two Gaussian distributions centered at 20s & 45m
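The MMS model on this slide, combined with the 100 msg/sec central server from the Simulation Construction slide, can be sketched as a small event-driven simulation. This is an added example, not the authors' simulator. The population size, uniform contact lists, 50/50 mixture weights and Gaussian spreads are assumptions chosen only so it runs quickly.

```python
import heapq
import random

def simulate_mms(n_phones=2000, contacts=20, F=0.3, capacity=100.0,
                 horizon=12 * 3600, seed=1):
    """Toy MMS propagation model; returns (infected_count, delivered_messages)."""
    rng = random.Random(seed)
    # Constructed contact lists: uniform random picks, not the fitted
    # degree distributions the paper uses.
    book = [rng.sample(range(n_phones), contacts) for _ in range(n_phones)]
    infected = {0}                 # infection begins at a single phone
    events = [(0.0, 0)]            # (time a phone starts sending, phone id)
    server_free_at = 0.0           # when the central MMS server is next idle
    delivered = 0
    while events:
        t, phone = heapq.heappop(events)
        for target in book[phone]:
            # Every message queues at the one server: `capacity` msg/sec.
            server_free_at = max(server_free_at, t) + 1.0 / capacity
            if server_free_at > horizon:
                break
            delivered += 1
            if target in infected or rng.random() >= F:
                continue           # already infected, or user ignores it
            # Time until the user acts: assumed 50/50 mixture of Gaussians
            # centred at 20 s and 45 min (spreads are assumptions).
            if rng.random() < 0.5:
                delay = rng.gauss(20, 5)
            else:
                delay = rng.gauss(45 * 60, 10 * 60)
            t_infected = server_free_at + max(0.0, delay)
            if t_infected <= horizon:
                infected.add(target)
                heapq.heappush(events, (t_infected, target))
    return len(infected), delivered

if __name__ == "__main__":
    for f in (0.05, 0.3, 1.0):
        print(f, simulate_mms(F=f))
```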
Simulated Propagation of MMS Malware
Techniques for Faster Propagation of MMS Malware
Congestion backoff (10s)
  Not very much advantage, due to MMS central server constraint.
Divide and distribute contacts from address book
  Same as above
Global contact book method
  Infected half the population in 12 hrs. (what F value?)
Faster MMS Malware Propagation
Defending Against Mobile Malware Propagation in Telecom. Networks
(This section is way too small in the paper, would have liked to see more on this.)
Rate Limiting
  ACCELERATES infection! (same as congestion avoidance)
Blacklisting Containment
  large number still get infected more slowly (no details given on %).
  removing phones leads to a less congested network for those infected but non-blacklisted phones
Content Filtering
  “Seems promising due to centralized topology.”
  "Investigating whether it's practical remains future work." (and they didn't provide any information on how promising or why)
Questions?