ArticlePDF Available

Heterogeneous Projection of Disruptive Malware Prevalence in Mobile Social Networks

Authors:

Abstract and Figures

Segregating the latency phase from the actual disruptive phase of certain mobile malware grades offers more opportunities to effectively mitigate the viral spread in its early stages. Inspired by epidemiology, in this paper, a stochastic propagation model that accounts for infection latency of disruptive malware in both personal and spatial social links between constituent mobile network user pairs is proposed. To elucidate the true impact of unique user attributes on the virulence of the proposed spreading process, heterogeneity in transition rates is also considered in an approximated mean-field epidemic network model. Furthermore, derivations for the system equilibrium and stability analysis are provided. Simulation results showcase the viability of our model in contrasting between latent and disruptive infection stages with respect to a homogeneous population-level benchmark model. Index Terms-Mobile social networks, heterogeneous epidemic model, disruptive virus, mean-field theory, equilibrium analysis.
Content may be subject to copyright.
1
Heterogeneous Projection of Disruptive Malware Prevalence in
Mobile Social Networks
Aldiyar Dabarov, Madiyar Sharipov, Aresh Dadlani, Muthukrishnan S. Kumar, Walid Saad, Choong Seon Hong
Abstract—Segregating the latency phase from the actual disrup-
tive phase of certain mobile malware grades offers more oppor-
tunities to effectively mitigate the viral spread in its early stages.
Inspired by epidemiology, in this paper, a stochastic propagation
model that accounts for infection latency of disruptive malware in
both personal and spatial social links between constituent mobile
network user pairs is proposed. To elucidate the true impact of
unique user attributes on the virulence of the proposed spreading
process, heterogeneity in transition rates is also considered in an
approximated mean-field epidemic network model. Furthermore,
derivations for the system equilibrium and stability analysis are
provided. Simulation results showcase the viability of our model
in contrasting between latent and disruptive infection stages with
respect to a homogeneous population-level benchmark model.
Index Terms—Mobile social networks, heterogeneous epidemic
model, disruptive virus, mean-field theory, equilibrium analysis.
I. INTRODUCTION
PREDOMINANTLY driven by the prevalent use of personal
mobile devices, the evolution of assortative interactions
between mobile social network (MSN) users has initiated an
array of research topics [1]. The heterogeneity of users and of the
multi-faceted relations among them however, further complicate
the characterization of information flow intertwined with the
underlying network structure. While information diffusion can
take many forms, the precision of modeling frameworks in
foreseeing malware outbreaks in MSNs remains a key challenge.
With the expanding smartphone market, the vectors exploited
by different malware strains to infect susceptible smart devices
have also grown in variety [2], [3]. Some commonly adopted
vectors for cyber attacks include Bluetooth (BT), email attach-
ments, and SMS/MMS messaging services (MS). Digital viruses
can exploit both personal and spatial social links to propagate
in MSNs [4]–[6]. Personal links are established based on the
contact lists and anonymized call records in each handset, while
standard short-range communication protocols such as wireless
BT define the spatial ties between neighboring mobile users
within a given transmission range.
Epidemic models have been instrumental in quantitatively
predicting malware outbreaks in generic social networks. In
regard with population-level models, the authors in [5] charac-
terize hybrid mobile viruses that exploit BT and MS protocols
to target the susceptible user base. In [6], the mixed behaviors of
long-range infection spreading pattern through MS and ripple-
based infection via BT using ordinary differential equations
is investigated. Epidemic-based information dissemination in
MSNs using opportunistic peer-to-peer links has been studied
in [7]. More recently, mean-field approximations of individual-
based spreading processes have been compelling in exposing
the relationship between epidemic thresholds and the spectral
radius of contact networks. However, relatively fewer agent-
based epidemic models exist that describe the time evolution
of the state occupancy probabilities in terms of the number of
Markovian users over complex networks [8]–[11]. The authors
in [8] proved that the infection-free equilibrium in aggregated-
Markovian random graph processes is almost surely exponen-
tial. To account for user tendency to switch between alternative
social preferences, the authors in [9] generalized the seminal
work in [10] to derive the steady-state phase transition thresholds
between extinction, co-existence, and absolute dominance of
memes. In [11], the authors proposed a continuous-time bi-
layer network model with generic infection rates to analyze the
dynamics of competitive spreading in multi-virus scenarios.
Unlike conventional virus models that impair the functional-
ity of mobile gadgets immediately after being transmitted, dis-
ruptive viruses such as Commwarrior, Mellisa, CIH, and Blue-
Borne have a two-phase life cycle: the latent phase succeeded
by the disruptive phase [12]. In the former phase, the malware
infects other connected susceptible nodes by replicating itself
while residing in the victimized host, whereas the functionality
of the infected host is hindered only in the latter phase. All
the above efforts ([5]–[9], [11]) fail to discern between the two
phases therefore, resulting in over-estimated predictions on the
fraction of mobile users infected by disruptive malware. To our
best knowledge, there exists no prior analytical work quantifying
the infection latency for hybrid disruptive malware spread in
MSNs, where microscopic user-level dynamics are incorporated
and the state transition rates are subjective to each user.
To fill this gap, the main contribution of this paper is a
novel mean-field approximated epidemic model to characterize
the spreading pattern of disruptive malware promoted through
BT and MS protocols in generic MSNs by subsuming the
heterogeneity in user-level interactions. To ensure the validity of
the resulting prediction in steady-state, we prove the existence
of a unique viral equilibrium and investigate the asymptotic
stability of the viral-free equilibrium for our model. We then
demonstrate the precision of the proposed network model by
benchmarking it against a homogeneously-mixing population-
level epidemic model via simulations. Results obtained show the
efficacy of the model in differentiating between users infected
via the two transmission modes. In absence of large empirical
data samples, such a fine-tuned projection model would help
devise effective control strategies in significantly shorter time
and minimize the investment costs incurred.
II. SY ST EM MO DE L DESCRIPTION
Consider a typical MSN of size 𝑁, where each mobile user,
labeled from 1 to 𝑁, interact with each other using smart devices.
2
ݎ୆୘
Infected user Susceptible users
Beyond BT range user
BT transmission range of radius ݎ୆୘
MS transmission links
User ݅
ܫ
୑ୗ(ݐ)ܮ
୑ୗ(ݐ)ܵ(ݐ)ܮ
୆୘(ݐ)ܫ
୆୘(ݐ)
ܽ
୆୘
ߛ
୆୘
ߜ
୆୘
ߠ
୆୘
ߛ
୑ୗ
ߠ
୑ୗ
ߜ
୑ୗ
ܽ
୑ୗ
Fig. 1: Propagation mechanism and the proposed epidemic model of
a disruptive malware in MSNs.
To distinguish between social links created by spatial BT and
personal MS links in the network, we define respectively, graphs
𝐺1(V,E1)and 𝐺2(V ,E2), where V={1,2, . . . , 𝑁}. Link
(𝑖, 𝑗 ) ∈ E 1if users 𝑖and 𝑗are within the BT transmission range
of radius 𝑟BT. Similarly, link (𝑖, 𝑗) ∈ E2if user 𝑖is connected
to user 𝑗in the personal social network. Let 𝑨,[𝑎𝑖 𝑗 ]𝑁×𝑁
and 𝑩,[𝑏𝑖 𝑗 ]𝑁×𝑁be the irreducible adjacency matrices
corresponding to 𝐺1and 𝐺2, respectively. We assume that the
network is undirected and thus, matrices 𝑨and 𝑩are symmetric.
Consistent with definitions in the literature, each user is either
in the susceptible (𝑆), latent (𝐿), or disruptive (𝐼) state at any
given time as shown in Fig. 1. User𝑖is said to be susceptible if it
is healthy and not yet infected by the malware. Upon receiving
the malware, the user becomes latent if the infection is in the
latent phase and then turns disruptive in the successive phase
[12]. To represent the state of the network at time 𝑡, we define
the stochastic process {𝑋𝑖(𝑡);𝑡0}, where 𝑖∈ V,𝑋𝑖(𝑡)is:
𝑋𝑖(𝑡)=
0 ; if user 𝑖is susceptible at 𝑡,
1 ; if user 𝑖is latent by BT at 𝑡,
2 ; if user 𝑖is disruptive by BT at 𝑡,
3 ; if user 𝑖is latent by MS at 𝑡,
4 ; if user 𝑖is disruptive by MS at 𝑡.
(1)
Using (1), we now denote the probability of user 𝑖being in any
one of the five possible states as 𝑆𝑖(𝑡)=Pr{𝑋𝑖(𝑡)=0},𝐿BT
𝑖(𝑡)=
Pr{𝑋𝑖(𝑡)=1},𝐼BT
𝑖(𝑡)=Pr{𝑋𝑖(𝑡)=2},𝐿MS
𝑖(𝑡)=Pr{𝑋𝑖(𝑡)=3},
and 𝐼MS
𝑖(𝑡)=Pr{𝑋𝑖(𝑡)=4}, where 1𝑖𝑁and 𝑆𝑖(𝑡) + 𝐿BT
𝑖(𝑡)+
𝐼BT
𝑖(𝑡)+𝐿MS
𝑖(𝑡)+𝐼MS
𝑖(𝑡)=1.
A susceptible user 𝑖is infected by user 𝑗via BT asynchronous
connectionless link (ACL) in the discoverable mode at the
constant rate of 𝛽𝐿BT
𝑗>0if user 𝑗is in the latent infection
state and with rate 𝛽𝐼BT
𝑗>0if user 𝑗is in the disruptive state.
Likewise, in MS-mediated propagation, user 𝑖is infected by
latent (disruptive) user 𝑗at the constant rate of 𝛽𝐿MS
𝑗(𝛽𝐼MS
𝑗)>0.
The latency time for latent user 𝑖affected through BT (MS) is
assumed to be exponentially distributed with the latency rate
of 𝛿BT
𝑖(𝛿MS
𝑖)>0[5], [6]. Due to frequent updates of mobile
operating systems and anti-viruses, a latent (disruptive) user
𝑖recovers back to susceptibility at rates 𝛾BT
𝑖(𝜃BT
𝑖)>0and
𝛾MS
𝑖(𝜃MS
𝑖)>0in the BT and MS settings, respectively.
The corresponding continuous-time Markov process of the
proposed model becomes analytically intractable as the state
space size grows exponentially with increase in |V |. Approxi-
mation techniques are normally applied to resolve the state space
size problem at the expense of accuracy. Deductions from mean-
field approximated network models are shown to be asymp-
totically almost exact to sufficiently large real-world networks
as they provide an upper bound for the exact probability of
user infection [13]. Accordingly, we adopt a first-order mean-
field approximation to reduce the dimensionality of the exact
Markovian network model down to 4𝑁space.
Given a sufficiently small time interval of (𝑡+Δ𝑡), for Δ𝑡 > 0,
the following state transition probabilities for mobile user 𝑖hold
valid, where the remaining invalid state transition conditional
probabilities are denoted by the asymptotic notation 𝑜(Δ𝑡):
Pr{𝑋𝑖(𝑡+Δ𝑡)=1|𝑋𝑖(𝑡)=0}=𝑎BT
𝑖Δ𝑡+𝑜(Δ𝑡),
Pr{𝑋𝑖(𝑡+Δ𝑡)=3|𝑋𝑖(𝑡)=0}=𝑎MS
𝑖Δ𝑡+𝑜(Δ𝑡),
Pr{𝑋𝑖(𝑡+Δ𝑡)=0|𝑋𝑖(𝑡)=1}=𝛾BT
𝑖Δ𝑡+𝑜(Δ𝑡),
Pr{𝑋𝑖(𝑡+Δ𝑡)=2|𝑋𝑖(𝑡)=1}=𝛿BT
𝑖Δ𝑡+𝑜(Δ𝑡),
Pr{𝑋𝑖(𝑡+Δ𝑡)=0|𝑋𝑖(𝑡)=2}=𝜃BT
𝑖Δ𝑡+𝑜(Δ𝑡),
Pr{𝑋𝑖(𝑡+Δ𝑡)=0|𝑋𝑖(𝑡)=3}=𝛾MS
𝑖Δ𝑡+𝑜(Δ𝑡),
Pr{𝑋𝑖(𝑡+Δ𝑡)=4|𝑋𝑖(𝑡)=3}=𝛿MS
𝑖Δ𝑡+𝑜(Δ𝑡),
Pr{𝑋𝑖(𝑡+Δ𝑡)=0|𝑋𝑖(𝑡)=4}=𝜃MS
𝑖Δ𝑡+𝑜(Δ𝑡),
(2)
The linear infection rates via BT and MS links, denoted by 𝑎BT
𝑖
and 𝑎MS
𝑖, respectively, are defined as follows:
𝑎BT
𝑖,
𝑁
Õ
𝑗=1
𝑎𝑖, 𝑗 𝛽𝐿BT
𝑗𝐿BT
𝑗(𝑡) + 𝛽𝐼BT
𝑗𝐼BT
𝑗(𝑡)(3)
and 𝑎MS
𝑖,
𝑁
Õ
𝑗=1
𝑏𝑖, 𝑗 𝛽𝐿MS
𝑗𝐿MS
𝑗(𝑡) + 𝛽𝐼MS
𝑗𝐼MS
𝑗(𝑡).(4)
Undertaking the approach in [11], we use (2) to derive 𝐿BT
𝑖(𝑡+
Δ𝑡),𝐼BT
𝑖(𝑡+Δ𝑡),𝐿MS
𝑖(𝑡+Δ𝑡), and 𝐼MS
𝑖(𝑡+Δ𝑡)based on the law of
total probability. We then linearize the resultant system in what
follows to facilitate our analysis in closed form.
A. BT-Mediated Spreading Dynamics
Transition of user 𝑖to the latent state in a BT network at time
(𝑡+Δ𝑡)can occur only if (i) user 𝑖was susceptible or (ii) latent
at time 𝑡. Mathematically, this is expressed as:
𝐿BT
𝑖(𝑡+Δ𝑡)=𝑆𝑖(𝑡) · Pr{𝑋𝑖(𝑡+Δ𝑡)=1|𝑋𝑖(𝑡)=0}
+𝐿BT
𝑖(𝑡) · Pr{𝑋𝑖(𝑡+Δ𝑡)=1|𝑋𝑖(𝑡)=1}.(5)
Similarly, user 𝑖enters the disruptive state at (𝑡+Δ𝑡)via BT
communication only if (i) latent or (ii) disruptive at time 𝑡, i.e.,
𝐼BT
𝑖(𝑡+Δ𝑡)=𝐿BT
𝑖(𝑡) · Pr{𝑋𝑖(𝑡+Δ𝑡)=2|𝑋𝑖(𝑡)=1}
+𝐼BT
𝑖(𝑡) · Pr{𝑋𝑖(𝑡+Δ𝑡)=2|𝑋𝑖(𝑡)=2}.(6)
By substituting (2) in (5) and (6), dividing both sides by Δ𝑡,
and letting Δ𝑡0, we arrive at the following system:
𝑑𝐿BT
𝑖(𝑡)
𝑑𝑡
=1𝐿BT
𝑖(𝑡)𝐼BT
𝑖(𝑡)𝐿MS
𝑖(𝑡)𝐼MS
𝑖(𝑡)𝑎BT
𝑖
− (𝛾BT
𝑖+𝛿BT
𝑖)𝐿BT
𝑖(𝑡),𝑖=1,2, . . . , 𝑁 ,
𝑑𝐼BT
𝑖(𝑡)
𝑑𝑡
=𝛿BT
𝑖𝐿BT
𝑖(𝑡) − 𝜃BT
𝑖𝐼BT
𝑖(𝑡),𝑖=1,2, . . . , 𝑁 .
(7)
3
B. MS-Mediated Spreading Dynamics
The MS spreading model is derived in a similar manner, with
the resulting system having the same structure as (7), except
for the matrix 𝑩corresponding to the personal social network,
where 𝑎BT
𝑖is replaced by 𝑎MS
𝑖:
𝑑𝐿MS
𝑖(𝑡)
𝑑𝑡
=1𝐿BT
𝑖(𝑡)𝐼BT
𝑖(𝑡)𝐿MS
𝑖(𝑡)𝐼MS
𝑖(𝑡)𝑎MS
𝑖
(𝛾MS
𝑖+𝛿MS
𝑖)𝐿MS
𝑖(𝑡),𝑖=1,2, . . . , 𝑁 ,
𝑑𝐼MS
𝑖(𝑡)
𝑑𝑡
=𝛿MS
𝑖𝐿MS
𝑖(𝑡) − 𝜃MS
𝑖𝐼MS
𝑖(𝑡),𝑖=1,2, . . . , 𝑁 .
(8)
Hence, the approximated network model is a system of 4𝑁
differential equations represented by (7) and (8) collectively.
III. EQUILIBRIUM AND STABI LI TY ANALYS IS
We now postulate a theorem related to the global stability
of the trivial infection-free equilibrium, given by 𝑬0, and then
derive the unique non-trivial virulent equilibrium, 𝑬. In steady-
state, such analysis ensures that our non-linear model reaches an
equilibrium point irrespective of the initial number of infected
users. This is thus, necessary to justify the prediction fidelity of
our model by showing that it stabilizes in a positively invariant
state space [11]. To this end, we define vector 𝑫(𝑡)as:
𝑫(𝑡),𝐿BT
1(𝑡), . . . , 𝐿BT
𝑁(𝑡), 𝐼BT
1(𝑡), . . . , 𝐼 BT
𝑁(𝑡),
𝐿MS
1(𝑡), . . . , 𝐿MS
𝑁(𝑡), 𝐼MS
1(𝑡), . . . , 𝐼 MS
𝑁(𝑡)𝑇
=𝐿BT
1... 𝑁 (𝑡), 𝐼BT
1... 𝑁 (𝑡), 𝐿MS
1... 𝑁 (𝑡), 𝐼MS
1... 𝑁 (𝑡)𝑇.(9)
Also, let the reduced state space, Ω, be given as:
Ω = 𝐿BT
1... 𝑁 (𝑡), 𝐼BT
1... 𝑁 (𝑡), 𝐿MS
1... 𝑁 (𝑡), 𝐼MS
1... 𝑁 (𝑡)𝑇R4𝑁
+
𝐿BT
𝑖(𝑡)+𝐼BT
𝑖(𝑡)+𝐿MS
𝑖(𝑡)+𝐼MS
𝑖(𝑡) ≤ 1, 𝑖 =1, . . . , 𝑁.
(10)
Since 𝐿BT
𝑖(𝑡),𝐼BT
𝑖(𝑡),𝐿MS
𝑖(𝑡), and 𝐼MS
𝑖(𝑡)are probabilistic
values in [0,1]that sum up to one for all 𝑡0,Ωis positively
invariant for the model in (7) and (8) [12]. In other words,
𝑫(0) ∈ Ωimplies that 𝑫(𝑡) ∈ Ωfor all 𝑡values. Our
proposed system has a trivial steady-state equilibrium 𝑬0=
(0,0, . . . , 0)𝑇which is always infection-free. An equilibrium
is said to be globally stable if it is both, asymptotically stable
and globally attracting. For matrices 𝒀1,𝑨·diag(𝛽𝐿BT
𝑖)and
𝒁1,𝑩·diag(𝛽𝐿MS
𝑖), the following theorem examines the global
stability condition for 𝑬0, where 𝑐,min1𝑖𝑁{𝛾BT
𝑖, 𝛾MS
𝑖},𝑰
is the identity matrix of order 𝑁, and 𝜆1(·) is the spectral radius
of a square matrix.
Theorem 1. Equilibrium 𝑬0is globally asymptotically stable
with respect to Ωif 𝜆1(𝒀1+𝒁1𝑐𝑰)<0.
Proof. Let 𝐶𝑖(𝑡)be the sum 𝐿BT
𝑖(𝑡) + 𝐼BT
𝑖(𝑡) + 𝐿MS
𝑖(𝑡) + 𝐼MS
𝑖(𝑡).
For all 𝑖∈ V, taking the derivative of 𝐶𝑖(𝑡)yields:
𝑑𝐶𝑖(𝑡)
𝑑𝑡
=1𝐶𝑖(𝑡)𝑎BT
𝑖+𝑎MS
𝑖𝛾BT
𝑖𝐿BT
𝑖(𝑡) − 𝜃BT
𝑖𝐼BT
𝑖(𝑡)
𝛾MS
𝑖𝐿MS
𝑖(𝑡) − 𝜃MS
𝑖𝐼MS
𝑖(𝑡)
𝑁
Õ
𝑗=1
𝑎𝑖, 𝑗 𝛽𝐿BT
𝑗𝐶𝑗(𝑡) +
𝑁
Õ
𝑗=1
𝑏𝑖, 𝑗 𝛽𝐿MS
𝑗𝐶𝑗(𝑡) − 𝑐 𝐶𝑖(𝑡),
For 𝒘(𝑡),𝑤1(𝑡), 𝑤2(𝑡), . . . , 𝑤𝑁(𝑡)𝑇and 𝑤𝑖(0)=𝐶𝑖(0),
𝑖∈ V, the comparison system can be expressed as:
𝑑𝑤𝑖(𝑡)
𝑑𝑡
=
𝑁
Õ
𝑗=1
𝑎𝑖, 𝑗 𝛽𝐿BT
𝑗𝑤𝑗(𝑡) +
𝑁
Õ
𝑗=1
𝑏𝑖, 𝑗 𝛽𝐿MS
𝑗𝑤𝑗(𝑡) − 𝑐 𝑤𝑖(𝑡),
and re-written in matrix form as 𝒘0(𝑡)=(𝒀1+𝒁1𝑐𝑰)𝒘(𝑡).
Since 𝜆1(𝒀1+𝒁1𝑐𝑰)<0, it follows from the fundamental the-
ory on linear differential systems that 𝒘(𝑡) → 0. Consequently,
according to Chaplygin lemma on differential inequalities, we
have 𝑫(𝑡) ≤ 𝒘(𝑡)for all 𝑡 > 0values. Thus, as 𝑡approaches
infinity, 𝑫(𝑡) → 0, which completes the proof.
In epidemiology, the existence of the non-trivial viral equi-
librium 𝑬is determined by the outbreak threshold, commonly
known as the basic reproduction ratio (R0). In particular, the
infection eventually dies out in the network (i.e., reaches 𝑬0)
if R0<1and persists (i.e., converges to 𝑬) if R0>1. Such
an equilibrium can now be obtained by considering (7) and (8)
together in steady-state. Thus, for all 𝑖=1,2, . . . , 𝑁 , setting the
left-side derivatives of the equations to zero yields the following:
𝐼BT
𝑖=𝛿BT
𝑖
𝜃BT
𝑖
𝐿BT
𝑖,
𝐼MS
𝑖=𝛿MS
𝑖
𝜃MS
𝑖
𝐿MS
𝑖,
𝜖BT
𝑖𝐿BT
𝑖= 1𝐿BT
𝑖𝛿BT
𝑖
𝜃BT
𝑖
𝐿BT
𝑖𝐿MS
𝑖𝛿MS
𝑖
𝜃MS
𝑖
𝐿MS
𝑖!𝑎BT
𝑖,
𝜖MS
𝑖𝐿MS
𝑖= 1𝐿BT
𝑖𝛿BT
𝑖
𝜃BT
𝑖
𝐿BT
𝑖𝐿MS
𝑖𝛿MS
𝑖
𝜃MS
𝑖
𝐿MS
𝑖!𝑎MS
𝑖,
(11)
where 𝜖BT
𝑖and 𝜖MS
𝑖denote (𝛿BT
𝑖+𝛾BT
𝑖)and (𝛿MS
𝑖+𝛾MS
𝑖),
respectively. By solving (11) for 𝐿BT
𝑖,𝐼BT
𝑖,𝐿MS
𝑖, and 𝐼MS
𝑖, it
can be easily deduced that 𝑫(𝑡)is a non-trivial equilibrium of
the proposed model if and only if 𝑖∈ V:
𝐼BT
𝑖=𝑎BT
𝑖𝛿BT
𝑖𝜖MS
𝑖𝜃MS
𝑖
𝜖MS
𝑖𝜃MS
𝑖(𝜖BT
𝑖𝜃BT
𝑖+𝑎BT
𝑖𝜈BT
𝑖) + 𝑎MS
𝑖𝜖BT
𝑖𝜈MS
𝑖𝜃BT
𝑖
,
𝐼MS
𝑖=𝑎MS
𝑖𝛿MS
𝑖𝜖BT
𝑖𝜃BT
𝑖
𝜖MS
𝑖𝜃MS
𝑖(𝜖BT
𝑖𝜃BT
𝑖+𝑎BT
𝑖𝜈BT
𝑖) + 𝑎MS
𝑖𝜖BT
𝑖𝜈MS
𝑖𝜃BT
𝑖
,
𝐿BT
𝑖=𝑎BT
𝑖𝜃BT
𝑖𝜖MS
𝑖𝜃MS
𝑖
𝜖MS
𝑖𝜃MS
𝑖(𝜖BT
𝑖𝜃BT
𝑖+𝑎BT
𝑖𝜈BT
𝑖) + 𝑎MS
𝑖𝜖BT
𝑖𝜈MS
𝑖𝜃BT
𝑖
,
𝐿MS
𝑖=𝑎MS
𝑖𝜃BT
𝑖𝜖BT
𝑖𝜃MS
𝑖
𝜖MS
𝑖𝜃MS
𝑖(𝜖BT
𝑖𝜃BT
𝑖+𝑎BT
𝑖𝜈BT
𝑖) + 𝑎MS
𝑖𝜖BT
𝑖𝜈MS
𝑖𝜃BT
𝑖
,
(12)
where 𝜈BT
𝑖and 𝜈MS
𝑖represent (𝛿BT
𝑖+𝜃BT
𝑖)and (𝛿MS
𝑖+𝜃MS
𝑖),
respectively. Proof of the sufficient conditions for (12) to exist
has been excluded due to the page limitation. Nonetheless, we
refer the reader to [12] for details on a similar derivation.
In summary, Theorem 1 showed that the state of the network
model derived in (7) and (8) will always belong to Ω. If the
network approaches the trivial equilibrium 𝑬0on the long-run,
then the malware spread in the user population would eventually
die out leaving all devices susceptible. There however, exists
another unique equilibrium 𝑬at which some constant fraction
of the population will always remain infected. Hence, if the
4
(a) Time evolution of susceptible population. (b) Time evolution of latent population. (c) Time evolution of disruptive population.
Fig. 2: Transient and steady-state comparison between the proposed (𝑀1) and benchmark (𝑀2) models, where 𝑟BT =10 meters
and the initial number of infected users are 𝐿BT (0)=𝐿MS (0)=10 and 𝐼BT (0)=𝐼MS (0)=15 users as in [6] and [12].
TABLE I: Network simulation parameters and settings.
Transition rates Value
Latent infection rate, 𝛽𝐿BT (=𝛽𝐿MS )0.015
Disruptive infection rate, 𝛽𝐼BT (=𝛽𝐼MS)0.01
Latency rate, 𝛿BT (=𝛿MS)0.04
Latent user recovery rate, 𝛾BT (=𝛾MS)0.03
Infected user recovery rate, 𝜃BT (=𝜃MS )0.06
Initial latent users, 𝐿BT(0)=𝐿MS(0)10
Initial infected users, 𝐼BT (0)=𝐼MS (0)15
network reaches 𝑬, our model is capable of not only distin-
guishing latent users from disruptive users, but also identifying
the transmission protocol promoting the malware spread using
(12). In turn, such information allows for early and effective
implementation of cost-aware control measures.
IV. SIMULATION RESULTS AN D DISCUSSIONS
In this section, Monte Carlo and numerical simulations are
conducted to validate the accuracy of our model (𝑀1) derived
in (7) and (8). An arbitrary MSN of 𝑁=1000 mobile users is
implemented using the GEMFsim tool [14]. For comparison, we
consider 𝑁homogeneously mixing users distributed randomly
in a 100 ×100 geographical area with density 𝜎similar to
[6] as the benchmark. Unlike 𝑀1, where the user interactions
are governed by contact matrices 𝑨and 𝑩, all users in the
benchmark model (𝑀2) have equal probability to receive the
malware via MS while each infected user can contact 𝜎𝜋𝑟 2
BT
neighboring nodes in discoverable BT mode. It is noteworthy
to mention that 𝑀2is a limiting case of 𝑀1and the two models
would converge in the case of a fully connected network. Thus,
the 𝑀1approximation is more reliable for statistical analysis
of empirical data as it spans over a wider range of network
structures.
Without loss of generality, the transition rates for all 𝑖∈ V
are taken to be fixed by dropping the subscripts. That is to
say, 𝛽𝐿BT
𝑖=𝛽𝐿BT ,𝛽𝐿MS
𝑖=𝛽𝐿MS ,𝛽𝐼BT
𝑖=𝛽𝐼BT ,𝛽𝐼MS
𝑖=𝛽𝐼MS ,
𝛾BT
𝑖=𝛾BT,𝛾MS
𝑖=𝛾MS,𝛿BT
𝑖=𝛿BT,𝛿MS
𝑖=𝛿MS,𝜃BT
𝑖=𝜃BT, and
𝜃MS
𝑖=𝜃MS. To mimic the disruptive behavior of malware, we
also set 𝛽𝐿BT > 𝛽𝐼BT ,𝛽𝐿MS > 𝛽𝐼MS ,𝜃BT > 𝛾BT , and 𝜃MS > 𝛾MS as
in [12]. Unless explicitly specified, the simulation parameters
and initial network conditions are given in Table I.
Fig. 3: Time evolution of BT-mediated infection (𝐿BT +𝐼BT )for
different values of 𝑟BT.
Fig. 2 shows the population size distribution for each epi-
demic class with respect to time. In contrast to the exponential
decay exhibited by the benchmark model in Fig. 2a, the fraction
of susceptible mobile users decreases to a relatively lower value
of approximately 18% in steady-state. Such behavior can be
explained by the increase in users with latent infection through
both, BT and MS services shown in Fig. 2b. As evident in this
figure, the malware infects nearly 75% of the total population
at 𝑡=10 before stabilizing to a steady value of around 58%.
More specifically, for a BT transmission range of 𝑟BT =10
meters, 10% of the users experience infection latency via BT
and about 65% through MS service at 𝑡=10. In agreement with
the findings in [5], MS is therefore, more effective in spreading
the malware as the underlying contact graph is not limited to any
spatial constraints. While the population of latent users in Fig. 2b
increases rapidly to its maximum in the transient period before
slowly descending towards the infection-chronic equilibrium
point, Fig. 2c shows a gradual growth in the number of disruptive
users. This is a clear indication of the impact of infection latency
on delaying the disruptive phase of the malware in affected user
handsets. From these figures, we observe that the benchmark
either underestimates or overestimates the behavioral dynamics
of our malware model which is corroborated with results from
stochastic simulations (colored lines) averaged over 10 runs.
To highlight the contribution of wireless BT as a short-range
malware spreading vector, Fig. 3 compares the fraction of BT-
5
Fig. 4: Susceptible versus infected user populations w.r.t. 𝑟BT.
mediated infected mobile users (latent as well as disruptive) for
different 𝑟BT values with respect to time. For the same initial
conditions given in Fig. 2, the number of users affected by the
malware through BT enabled connections rises with increase in
the transmission range. In most portable devices equipped with
broadcast communication technology, the distance at which the
information can be exchanged reaches up to 50 meters, if the
devices are in direct line of sight of each other, and between
10 to 20 meters in buildings. Taking into account these extreme
cases, we observe that under ideal environmental conditions,
the malware proliferates over the network in lesser time when
𝑟BT is large. For instance, nearly 95% of the user devices in the
network host the malware before 𝑡=5when 𝑟BT =40 meters,
whereas a shorter range of 𝑟BT =10 meters would result in
less than 10% of the network being infected within the same
time period. Such behavior is due to the fact that increasing
𝑟BT would cover a wider area thus, more likely allowing the
malware to compromise a larger set of the susceptible users in
the defined proximity. As a result, the average connectivity of
each user increases which explains why our model coincides
with the benchmark for larger 𝑟BT values.
The stationary relationship between the susceptible and in-
fected user groups is illustrated under different settings of
𝑟BT in Fig. 4. As time progresses, the number of susceptible
users decreases with increase in infected users. By separating
latent users from disruptive users, the figure reveals that the
latent population increases at a faster rate in comparison to
the disruptive population. This is because disruptive malware
codes are more active in infecting neighboring users while in
their latent period and mainly distort the user data stored in
devices during the disruptive phase. The dynamics of the latent
and disruptive users about the viral equilibrium is also worth
noting. Unlike the latent population that reaches its maximum
before falling towards equilibrium 𝑬, the fraction of disruptive
users steeply rises. Moreover, increasing 𝑟BT further raises the
peak at which latent infection outbreak occurs. For example,
extending the BT range from 10 to 40 meters increases the
maximum population of latent users by nearly 21% which in
turn, suppresses the disruptive population growth as 𝛽𝐿BT > 𝛽𝐼BT
and 𝛽𝐿MS > 𝛽𝐼MS are specific only to disruptive malware.
Such distinctions are obscure in existing malware models that
undermine the impact of infection propagation latency.
V. CONCLUSION
In this paper, we introduced a modeling framework for
effective projection of disruptive malware epidemics in MSNs.
Unlike most existing virus epidemic models, we incorporated in-
fection delay specific to disruptive malware programs to differ-
entiate between the steady-state fraction of infected users in the
latent and disruptive stages. Specifically, we proposed a tractable
mean-field approximation model for the underlying Markovian
process to capture the impact of user-level interaction dynamics
on the spreading pattern of the malware through personal and
spatial social connections. By considering heterogeneity in the
state transition rates, global stability and existence of the system
equilibrium points were investigated to justify the steady-state
behavior, based on which more effective containment measures
can be devised. With respect to the benchmark model built
on uniform user interactions, we demonstrated that infection
latency can profoundly impact the accuracy of the proposed
model in not only assessing the spreading risks of the hybrid
malware via spatial and personal communication links in short
time, but also in optimizing investments needed to control the
spread by targeting devices that are in the latent infection stage.
REFERENCES
[1] X. Hu, T. H. S. Chu, V. C. M. Leung, E. C. Ngai, P. Kruchten, and H. C.
Chan, “A survey on mobile social networks: Applications, platforms,
system architectures, and future research directions,” IEEE Commun.
Surveys Tuts., vol. 17, no. 3, pp. 1557–1581, Third Quarter 2015.
[2] S. Peng, S. Yu, and A. Yang, “Smartphone malware and its propagation
modeling: A survey,IEEE Commun. Surveys Tuts., vol. 16, no. 2, pp.
925–941, Second Quart 2014.
[3] S. Sen, E. Aydogan, and A. I. Aysan, “Coevolution of mobile malware
and anti-malware,” IEEE Trans. Inf. Forensics Security, vol. 13, no. 10,
pp. 2563–2574, Oct. 2018.
[4] N. Abuzainab and W. Saad, “A multiclass mean-field game for thwarting
misinformation spread in the internet of battlefield things,” IEEE Trans.
Commun., vol. 66, no. 12, pp. 6643–6658, Dec. 2018.
[5] P. Wang, M. C. Gonz´
alez, C. A. Hidalgo, and A.-L. Barab´
asi, “Under-
standing the spreading patterns of mobile phone viruses,” Science, vol.
324, no. 5930, pp. 1071–1076, May 2009.
[6] S. Cheng, W. C. Ao, P. Chen, and K. Chen, “On modeling malware
propagation in generalized social networks,” IEEE Commun. Lett.,
vol. 15, no. 1, pp. 25–27, Jan. 2011.
[7] Q. Xu, Z. Su, K. Zhang, P. Ren, and X. S. Shen, “Epidemic information
dissemination in mobile social networks with opportunistic links,” IEEE
Trans. Emerg. Topics Comput., vol. 3, no. 3, pp. 399–409, Sep. 2015.
[8] M. Ogura and V. M. Preciado, “Stability of spreading processes over
time-varying large-scale networks,IEEE Trans. Netw. Sci. Eng., vol. 3,
no. 1, pp. 44–57, Jan. 2016.
[9] A. Dadlani, M. S. Kumar, M. G. Maddi, and K. Kim, “Mean-field
dynamics of inter-switching memes competing over multiplex social
networks,” IEEE Commun. Lett., vol. 21, no. 5, pp. 967–970, May 2017.
[10] F. Darabi Sahneh, C. Scoglio, and P. Van Mieghem, “Generalized
epidemic mean-field model for spreading processes over multilayer
complex networks,IEEE/ACM Transactions on Networking, vol. 21,
no. 5, pp. 1609–1620, Oct. 2013.
[11] L. Yang, X. Yang, and Y. Y. Tang, “A bi-virus competing spreading
model with generic infection rates,” IEEE Trans. Netw. Sci. Eng., vol. 5,
no. 1, pp. 2–13, Jan. 2018.
[12] Y. Wu, P. Li, L.-X. Yang, X. Yang, and Y. Y. Tang, “A theoretical
method for assessing disruptive computer viruses,Physica A, vol. 482,
pp. 325–336, Sep. 2017.
[13] P. V. Mieghem, Graph Spectra for Complex Networks. Cambridge
University Press, 2011.
[14] F. D. Sahneh, A. Vajdi, H. Shakeri, F. Fan, and C. Scoglio, “Gemfsim: A
stochastic simulator for the generalized epidemic modeling framework,
Journal of Computational Science, vol. 22, pp. 36–44, 2017.
... However, the model does not consider the chance of the nodes being infected again after the malware is removed which is possible as we already stated. Models developed for specific scenarios and environments can be also found for mobile wireless sensors networks (WSN) [19], [20], [35], [36]; mobile devices [21], [37]; social networks [22], [38]; IoT networks [23]; industrial control system (ICS) networks [24]. ...
... Finally, we apply the FVT represented in (21) to the previous equations to calculate the steady-state values. ...
Article
Full-text available
During COVID-19 the new normal became an increased reliance on remote connectivity, and that fact is far away to change any time soon. The increasing number of networked devices connected to the Internet is causing an exponential growth of botnets. Subsequently, the number of DDoS (Distributed Denial of Service) attacks registered around the world also increased, especially during the pandemic lockdown. Therefore, it is crucial to understand how botnets are formed and how bots propagate within networks. In particular, analytic modelling of the botnets epidemic process is an essential component for understanding DDoS attacks, and thus mitigate their impact. In this paper, we propose two analytic epidemic models; (i) the first one for enterprise Software Define Networks (SDN) based on the SEIRS (Susceptible - Exposed - Infected - Recovered) approach, while (ii) the second model is designed for service providers’ SDN, and it is based on a novel extension of a SEIRS-SEIRS vector-borne approach. Both models illustrate how bots spread in different types of SDN networks. We found that bot infection behaves in a similar way to human epidemics, such as the novel COVID-19 outbreak. We present the calculation of the basic reproduction number Ro for both models and we test the system stability using the next generation matrix approach. We have validated the models using the final value theorem (FVT), with which we can determine the steady-state values that provide a better understanding of the propagation process.
... Q UANTITATIVE analysis of epidemic processes such as infectious diseases, malware codes, and rumors spreading over physical and online social networks (SNs) has stimulated intense research activities [1], [2]. Owing to the pervasive use of social media and the abundance of data extracted from several such networks, which for long were merely unavailable, the theoretical perception of epidemic dynamics driven by nodal interactions has refined substantially in recent years [3], [4]. While the vast majority of research has scrutinized only positive social relationships, user pairs may also signify enmity or distrust as perceived in reality. ...
Article
Full-text available
Prediction and control of spreading processes in social networks (SNs) are closely tied to the underlying connectivity patterns. Contrary to most existing efforts that exclusively focus on positive social user interactions, the impact of contagion processes on the temporal evolution of signed SNs (SSNs) with distinctive friendly (positive) and hostile (negative) relationships yet, remains largely unexplored. In this paper, we study the interplay between social link polarity and propagation of viral phenomena coupled with user alertness. In particular, we propose a novel energy model built on Heider's balance theory that relates the stochastic susceptible-alert-infected-susceptible epidemic dynamical model with the structural balance of SSNs to substantiate the trade-off between social tension and epidemic spread. Moreover, the role of hostile social links in the formation of disjoint friendly clusters of alerted and infected users is analyzed. Using three real-world SSN datasets, we further present a time-efficient algorithm to expedite the energy computation in our Monte-Carlo simulation method and show compelling insights on the effectiveness and rationality of user awareness and initial network settings in reaching structurally balanced local and global network energy states.
... Q UANTITATIVE analysis of epidemic processes such as infectious diseases, malware codes, and rumors spreading over physical and online social networks (SNs) has stimulated intense research activities [1], [2]. Owing to the pervasive use of social media and the abundance of data extracted from several such networks, which for long were merely unavailable, the theoretical perception of epidemic dynamics driven by nodal interactions has refined substantially in recent years [3], [4]. While the vast majority of research has scrutinized only positive social relationships, user pairs may also signify enmity or distrust as perceived in reality. ...
Preprint
Full-text available
Prediction and control of spreading processes in social networks (SNs) are closely tied to the underlying connectivity patterns. Contrary to most existing efforts that exclusively focus on positive social user interactions, the impact of contagion processes on the temporal evolution of signed SNs (SSNs) with distinctive friendly (positive) and hostile (negative) relationships yet, remains largely unexplored. In this paper, we study the interplay between social link polarity and propagation of viral phenomena coupled with user alertness. In particular, we propose a novel energy model built on Heider's balance theory that relates the stochastic susceptible-alert-infected-susceptible epidemic dynamical model with the structural balance of SSNs to substantiate the trade-off between social tension and epidemic spread. Moreover, the role of hostile social links in the formation of disjoint friendly clusters of alerted and infected users is analyzed. Using three real-world SSN datasets, we further present a time-efficient algorithm to expedite the energy computation in our Monte-Carlo simulation method and show compelling insights on the effectiveness and rationality of user awareness and initial network settings in reaching structurally balanced local and global network energy states.
Article
Motivated by the ongoing pandemic COVID-19, we propose a closed-loop framework that combines inference from testing data, learning the parameters of the dynamics and optimal resource allocation for controlling the spread of the susceptible-infected-recovered (SIR) epidemic on networks. Our framework incorporates several key factors present in testing data, such as the fact that high risk individuals are more likely to undergo testing. We then present two tractable optimization problems to evaluate the trade-off between controlling the growth-rate of the epidemic and the cost of non-pharmaceutical interventions (NPIs). We illustrate the significance of the proposed closed-loop framework via extensive simulations and analysis of real, publicly-available testing data for COVID-19. Our results illustrate the significance of early testing and the emergence of a second wave of infections if NPIs are prematurely withdrawn.
Article
Full-text available
Mobile malware is one of today’s greatest threats in computer security. Furthermore, new mobile malware is emerging daily that introduce new security risks. However, whilst existing security solutions generally protect mobile devices against known risks, they are vulnerable to as yet unknown risks. How anti-malware software reacts to new, unknown malicious software is generally difficult to predict. Therefore, anti-malware software is in continuous development in order to be able to detect new malware or new variants of existing malware. Similarly, as long as anti-malware software develops, malware writers also develop their malicious code by using various evasion strategies such as obfuscation and encryption. This is the lifecycle of malicious and anti-malware software. In this study, the use of evolutionary computation techniques are investigated, both for developing new variants of mobile malware which successfully evades anti-malware systems based on static analysis and for developing better security solutions against them automatically. Coevolutionary arms race mechanism has always been considered a potential candidate for developing a more robust system against new attacks and for system testing. To the best of the authors’ knowledge, this study is the first application of coevolutionary computation to address this problem. IEEE
Article
Full-text available
In this paper, the problem of misinformation propagation is studied for an Internet of Battlefield Things (IoBT) system in which an attacker seeks to inject false information in the IoBT nodes in order to compromise the IoBT operations. In the considered model, each IoBT node seeks to counter the misinformation attack by finding the optimal probability of accepting a given information that minimizes its cost at each time instant. The cost is expressed in terms of the quality of information received as well as the infection cost. The problem is formulated as a mean-field game with multiclass agents which is suitable to model a massive heterogeneous IoBT system. For this game, the mean-field equilibrium is characterized, and an algorithm based on the forward backward sweep method is proposed to find the mean-field equilibrium. Then, the finite IoBT case is considered, and the conditions of convergence of the Nash equilibria in the finite case to the mean-field equilibrium are presented. Numerical results show that the proposed scheme can achieve a 1.2-fold increase in the quality of information (QoI) compared to a baseline scheme in which the IoBT nodes are always transmitting. The results also show that the proposed scheme can reduce the proportion of infected nodes by 99% compared to the baseline.
Article
Full-text available
This letter characterizes the intertwined behavior of a Susceptible-Infected-Susceptible (SIS) epidemic model involving multiple mutually-exclusive memes, each competing over distinct contact planes of an undirected multi-layer social network, with the possibility of inter-switching. Based on mean-field theory, we contrast and derive closed-form analytical expressions for the steady-state thresholds that govern the transitions between extinction, coexistence , and absolute dominance of the inter-switchable memes. Moreover, a non-linear optimization formulation is presented to determine the optimal budget allocation for controlling the switching rates to a particular co-existing meme. Validated by simulations, the impact of switching on the tipping thresholds and their implications in reality are demonstrated using data extracted from online social networks.
Article
Full-text available
The recently proposed generalized epidemic modeling framework (GEMF) \cite{sahneh2013generalized} lays the groundwork for systematically constructing a broad spectrum of stochastic spreading processes over complex networks. This article builds an algorithm for exact, continuous-time numerical simulation of GEMF-based processes. Moreover the implementation of this algorithm, GEMFsim, is available in popular scientific programming platforms such as MATLAB, R, Python, and C; GEMFsim facilitates simulating stochastic spreading models that fit in GEMF framework. Using these simulations one can examine the accuracy of mean-field-type approximations that are commonly used for analytical study of spreading processes on complex networks.
Article
Due to widespread applications, the multi-virus competing spreading dynamics has recently aroused considerable interests. To our knowledge, all previous competing spreading models assume infection rates that are each linear in the virus occupancy probabilities of the individuals in a population. As linear infection rates are overestimation of real infection rates, in some situations these models cannot accurately predict the spreading process of multiple competing viruses. This work takes the first step toward enhancing the accuracy of multi-virus competing spreading models. A continuous-time bilayer-network-based bi-virus competing spreading model with generic infection rates is proposed. Criteria for the extinction of both viruses and for the survival of only one virus are presented, respectively. Numerical examples show that (1) if the generic bi-virus spreading model with linear infection rates predicts that the fraction of nodes infected with some virus would approach zero, the prediction of the fraction is accurate, and (2) if the scenario-relevant generic infection rates could be estimated accurately, the resulting model would be able to accurately forecast the evolutionary process of a pair of competing viruses.
Article
To assess the prevalence of disruptive computer viruses in the situation that every node in a network has its own virus-related attributes, a heterogeneous epidemic model is proposed. A criterion for the global stability of the virus-free equilibrium and a criterion for the existence of a unique viral equilibrium are given, respectively. Furthermore, extensive simulation experiments are conducted, and some interesting phenomena are found from the experimental results. On this basis, some policies of suppressing disruptive viruses are recommended.
Article
We analyze the dynamics of spreading processes taking place over time-varying networks. A common heuristic is to use an aggregated static network based on time averages. Instead, we introduce a flexible and tractable random graph process that extends the family of Markovian random graphs (MRG). One of the main limitations of MRG's is that it can only replicate switching patterns with exponential inter-switching times. To overcome this limitation, we propose the family of aggregated-Markovian random graph processes, which is able to replicate, with arbitrary accuracy, any distribution of inter-switching times. We study the stability spreading processes in this extended family. We first show that a direct analysis based on the It\^o formula provide conditions in terms of the eigenvalues of a matrix whose size grows exponentially with the number of edges. Using alternative tools, we derive stability conditions involving the eigenvalues of a matrix whose size grows linearly with the number of nodes. Based on our results, we show that the aggregated static network approximates the epidemic threshold more accurately as the number of nodes grows, or the temporal volatility of the random graph process is reduced. Apart from these theoretical results, we illustrate our findings via numerical simulations.
Article
With the advancement of smartphones, mobile social networks (MSNs) have emerged where information can be shared among mobile users via opportunistic peer-to-peer links. Since the social ties and users’ behaviors in MSNs have diverse characteristics, the information dissemination in MSNs becomes a new challenge. In particular, mobile users’ interested information may vary, which can significantly affect the information dissemination. In this paper, we develop an analytical model to analyze the epidemic information dissemination in MSNs. We first adopt preimmunity and immunity to represent the features of mobile nodes when they change their interests. Then, the information dissemination mechanism is introduced with four proposed dissemination rules according to the process of the epidemic information dissemination. We develop the analytical model through ordinary differential equations to mimic epidemic information dissemination in MSNs. The trace-driven simulation demonstrates that our analytical model is more accurate to mimic epidemic information dissemination than other existing ones.
Article
Mobile social networks (MSNs) have become increasingly popular in supporting many novel applications since emerging in the recent years. Their applications and services are of great interest to service providers, application developers, and users. This paper distinguishes MSNs from conventional social networks, and provides a comprehensive survey of MSNs with regard to platforms, solutions, and designs of the overall system architecture. We review the popular MSN platforms and experimental solutions for existing MSN applications and services, and present the dominant mobile operating systems on which MSNs are implemented. We then analyze and propose the overall architectural designs of conventional and future MSN systems. In particular, we present the architectural designs from two perspectives: from the client side to the server side, and from the wireless data transmission level to the terminal utilization level. We further introduce and compare the unique features, services, and key technologies of two generations of architectural designs of MSN systems. Then, we classify the existing MSN applications and propose one special form of MSN - vehicular social network, and demonstrate its unique features and challenges compared to common MSNs. Finally, we summarize the major challenges for on-going MSN research and outline possible future research directions.
Article
Smartphones are pervasively used in society, and have been both the target and victim of malware writers. Motivated by the significant threat that presents to legitimate users, we survey the current smartphone malware status and their propagation models. The content of this paper is presented in two parts. In the first part, we review the short history of mobile malware evolution since 2004, and then list the classes of mobile malware and their infection vectors. At the end of the first part, we enumerate the possible damage caused by smartphone malware. In the second part, we focus on smartphone malware propagation modeling. In order to understand the propagation behavior of smartphone malware, we recall generic epidemic models as a foundation for further exploration. We then extensively survey the smartphone malware propagation models. At the end of this paper, we highlight issues of the current smartphone malware propagation models and discuss possible future trends based on our understanding of this topic.