• [ Pobierz całość w formacie PDF ]
    An Epidemic Model of Mobile Phone Virus
    Hui Zheng
    1
    , Dong Li
    2
    , Zhuo Gao
    3
    1
    Network Research Center, Tsinghua University,
    P. R. China
    zh@tsinghua.edu.cn
    2
    School of Computer Science and Technology,
    Huazhong University of Science and Technology, P. R. China
    lidong@hust.edu.cn
    3
    Department of Physics, Beijing Nomarl University,
    P. R. China
    zhuogao@bnu.edu.cn
    Abstract
    Worm broke out in 2001, common hardware of
    computers in Internet was as same as the configuration
    in table 1. With the comparison in table 1, we can see
    that smart phone presently has already possessed
    hardware condition for computer virus spreading.
    Table 1. Hardware comparing between smart phone
    and
    desk-top personal computer
    Hardware
    Considering the characteristics of mobile network,
    we import three important parameters: distribution
    density of mobile phone, coverage radius of Bluetooth
    signal and moving velocity of mobile phone to build an
    epidemic model of mobile phone virus which is different
    from the epidemic model of computer worm. Then
    analyzing different properties of this model with the
    change of parameters; discussing the epidemic
    threshold of mobile phone virus; presenting suggestions
    of quarantining the spreading of mobile phone virus.
    2005(dop
    od 828)
    1998 PC
    1999 PC
    CPU
    Intel
    416MHz
    Pentium

    333MHz
    Pentium III
    450MHz[3]
    Memory
    128M
    32M
    64M
    Hard Disk
    2G~8G
    2G
    6G
    Keywords:
    Mobile Phone Virus, Epidemic Model,
    Security of Wireless Network, Bluetooth, Smart Phone.
    The development and popularization of smart phone
    are both very fast. According to the statistics of ARC,
    in 2004 the sum of smart phone is 27,000,000,
    accounting for 3% of the global amount of mobile
    phones. IDC estimates that the sum of smart phone will
    reach up to 130,000,000 by 2008 and account for 15%
    of the global amount of mobile phones [4]. So we
    should pay much attention to the security of smart
    phone.
    In this paper, “smart phone” is one smart mobile
    terminal device with the integrated ability of data
    transmission, processing and communication; “mobile
    phone virus” is a malicious code that can spread
    through all kinds of smart mobile terminal devices. As
    to the security research, though we can refer to the
    security research results in MANETs (Mobile Ad Hoc
    Networks), MANETs and Sensor network emphasize
    that resource is finite and all the problems about
    application and security should be restricted to this
    precondition [12]. Smart mobile terminal device
    emphasizes that resource is abundant, even possess the
    same computing ability as desk-top personal computer.
    So for these two security problems, the starting points
    of research are different. Recently, paper [5]
    demonstrates that traditional epidemic model of
    computer virus can’t be applied to virus spreading in
    1. Introduction
    The first computer virus that attacks mobile phone is
    VBS. Timofonica which was found on May 30, 2000
    [1]. This virus spreads through PCs, but it can use the
    message service of moviestar.net to send out rubbish
    short messages to its subscriber. It is propagandized as
    mobile phone virus by the media, but in fact it’s only a
    kind of computer virus and can’t spread through mobile
    phone which is the only attacked object. Cabir Cell
    Phone Worm which was found on June 14, 2000 is
    really a mobile phone virus [2]. It spreads from one cell
    phone to another by Bluetooth. Now it is found in more
    than 20 countries and has more than 7 variants. Cabir
    has the characteristic of initiative spreading and this
    pattern will be mostly adopted by “mobile phone virus”
    in the future.
    Table 1 lists the comparison between configuration
    of smart phone and computer. This table presents the
    most advanced desk-top computer configuration in
    1998 and 1999. Generally, it takes 2 to 3 years for
    computer with the most advanced configuration to
    become popular. That is to say, when the Code Red
    1
     mobile environment and the epidemic model when the
    mobile phone moves with variable velocity is also
    discussed. But in a small area, uniform motion accords
    with the sport law of human being preferably. What’s
    more, some important parameters such as distribution
    density and signal coverage radius are not imported to
    the model. Paper [6] compares to the required condition
    of virus spreading in computer and gives the
    corresponding required condition of virus spreading in
    MANETs by simulation.
    This paper first discusses several spreading modes of
    mobile phone virus; The second section builds the
    epidemic model of mobile phone virus which imports 3
    parameters: moving velocity, signal coverage radius
    and distribution density; The third section analyses
    some relevant characteristics of this model; the fourth
    section compares the epidemic model of mobile phone
    virus with the epidemic model of Internet worm and
    discusses the threshold of mobile phone virus breaking
    out. At last, we make some discussions.
    2. The spreading way of mobile phone virus
    Though paper [7~8] presents many examples of
    “mobile phone virus”, many of them are not able to
    spread, so they are not real mobile phone virus.
    According to analysis of all kinds of epidemic
    malicious codes which have been found, such as Cabir
    [2], Commwarrior [9], Brador [10], Skull [11] etc, we
    can define mobile phone virus: it is a piece of data or
    program that spreads among smart mobile terminal
    devices by the communication interfaces and can
    influence the usage of handset or leak out sensitive data.
    Through the analysis of spreading way, we can
    conclude table 2:
    Table 2. Spreading way of mobile phone virus
    Wireless spreading
    channel
    Spreading
    distance
    Spreading direction
    Way of discovering
    neighbor nodes
    Relay
    (Yes or No)
    GPRS/CDMA 1XRTT
    1000m
    Non-directional
    Appointed
    Yes
    Wi-Fi(802.11)
    100m
    Non-directional
    Appointed
    Yes
    Bluetooth
    10m
    Non-directional
    Automatic
    No
    IrDA
    1m
    Directional
    Automatic
    No
    For the mobile phone virus that can spread by MMS
    and E-mail, it can transmit data by GPRS and Wi-Fi; for
    the mobile phone virus that spread by electronic file, it
    can transmit data by Bluetooth and IrDA. Although
    there are four wireless transmission ways, some need
    relay nodes or directional angle, so Bluetooth is the best
    choice for virus writer.
    In this model, we mainly consider those mobile
    phone viruses that spread through Bluetooth. For other
    ways of transmission, we will build the model in other
    papers.
    Then we can build the epidemic model of mobile
    phone virus:
    dI
    I
    =
    I
    ((
    r
    2
    +
    2
    r
    v
    )
    1
    I
    dt
    Suppose:
    2
    a
    =
    (
    r
    +
    2
    rv
    )

    2
    (
    r
    +
    2
    rv
    )
    b
    =

    Then the differential equation is

    3. The epidemic model of mobile phone
    propagating
    dI
    =
    aI
    bI
    2

    dt
    The solution is

    Supposing mobile phone has two statuses:
    Susceptible and infected. The infected will come back
    to susceptible with certain probability. In table 3, we
    define some symbols:
    at
    +
    c
    ae
    I
    =
    1

    at
    +
    c
    +
    be
    , the initial value of
    c
    is a constant.
    For
    I
    (
    t
    )
    a

    then
    <
    0
    Table 3. Symbol definition
    We can conclude from the solution: if
    Symbol
    Instructions
    a
    I
    0
    a
    >
    0
    , and if
    , then
    .
    I
    b
    moving space of mobile phone (2-dimmension)
    distribution density of mobile phone (uniform
    distribution)
    4. Analysis of model properties
    v
    moving velocity of mobile phone (uniform
    velocity)
    The changes of model properties with changes of
    different parameters are researched. Table 4 presents
    the range of parameters.
    r
    coverage radius of Bluetooth signal
    I
    The number of virus in mobile phone at time t
    epidemic rate of mobile phone virus propagating
    resuming rate of the infected
    2
     Table 4. The range of parameters
    Symbol
    Instruction
    Range
    Relationship between ditribution
    density and spreading time
    moving space of mobile
    phone (2-dimmension)
    1000m * 1000m
    2000
    0.001~0.1/m
    2
    distribution density of
    mobile phone (uniform
    distribution)
    1500
    1000
    v
    moving velocity of
    mobile phone (uniform
    velocity)
    2m/s
    500
    0
    r
    coverage radius of
    Bluetooth signal
    10m
    epidemic rate of mobile
    phone virus
    0.75
    distribution density
    resuming rate of
    infected
    0.025
    Figure 2. Relationship between distribution density
    and spreading time
    I
    The number of initial
    infected mobile phones
    5
    4.2. Influence of coverage radius to virus
    spreading
    4.1. Influence of distribution density to virus
    spreading
    Considering the range of coverage radius of
    Bluetooth signal r varies from 5m to 15m. Distribution
    density of mobile phone is 0.005. Figure 3 is the
    relationship of coverage radius and percentage of the
    infected, which presents the influence of coverage
    radius to virus spreading.
    From these we can see that mobile phone virus can’t
    spread when coverage radius is very small. If it spreads,
    the infection percentage will change with coverage
    radius.
    The connotative subject condition of equation
    1
    >
    is
    , mobile phone virus is able to
    (
    r
    2
    +
    2
    r
    v
    )
    spread when this condition is satisfied. Figure 1 shows
    the relationship between distribution density and
    infection percentage. When the subject condition is not
    satisfied, infection percentage is 0; when the subject
    condition is satisfied, the infection percentage is very
    sensitive to the change of distribution density, the small
    change of distribution density can lead to great
    improvement proportion of the infected.
    Ralationship between coverage radius
    and infection percentage
    1
    Relationship of distribution density and infection
    percentage
    0.8
    1
    0.6
    0.4
    0.8
    0.2
    0.6
    0
    0.4
    0.2
    0
    coverage radius
    Figure 3. Relationship between coverage radius and
    infection percentage
    distribution density(number of mobile
    phone in one unit area

    Figure 1. Relationship of distribution density and
    infection percentage
    Figure 4 is the relationship between coverage radius
    and spreading time, it presents the influence of coverage
    radius to spreading velocity. Virus can’t spread when
    coverage radius is very small. Spreading velocity is
    very sensitive to the changes of coverage radius.
    Figure 2 is the relationship between distribution
    density and spreading time. It shows the influence of
    distribution density to moving velocity. Mobile phone
    virus can’t spread when distribution density is small.
    Spreading time that the infection of mobile phone virus
    gets to equilibrium reflects the spreading velocity of
    virus. From these we can see that spreading velocity is
    very sensitive to the change of distribution density.
    3
     Relationship between moving velocity
    and spreading time
    Ralationship between coverage radius and
    spreading time
    Density=0.005
    1000
    2500
    800
    2000
    Density=0.0035
    600
    1500
    400
    1000
    200
    500
    0
    0
    coverage radius
    moving velocity
    Figure 4. Ralationship between coverage radius and
    spreading time
    Figure 6. Relationship between moving velocity and
    spreading time
    4.3. Influence of moving velocity to virus
    spreading
    The time that virus file transfers from one mobile
    phone to another is
    T
    , the discussion above supposes
    that the moving of mobile phone has no influence to
    virus spreading. If we take into account the influence of
    moving velocity of mobile phone, we can add one
    Assuming distribution density of mobile phone is
    0.0035, the range of moving velocity is 1m/s~30m/s,
    figure 5 is the relationship between moving velocity and
    infection percentage, it presents the influence of moving
    velocity to the spreading of mobile phone virus. For the
    small distribution density of mobile phone and typical
    coverage radius, speeding the moving velocity can
    result in the spreading of the virus which can’t spread
    before.
    r
    v
    <
    subject condition:
    . When this condition is
    T
    f
    satisfied, virus can spread. When this condition is not
    satisfied, that is to say, mobile phone moves too fast,
    then the time that virus stay in the coverage area of
    signal is too short, virus can’t spread.
    5. Results of comparison with epidemic
    models of worm
    Ralationship between moving velocity
    and infenction percentage
    The corresponding epidemic model of worm in
    computer network can be expressed as [13]:
    1
    0.8
    0.6
    dI
    Density=0.0035
    =
    I
    (
    I
    )
    I
    0.4
    dt
    0.2
    is the sum of computer
    and it is a fixed value in short time. The threshold of its
    spreading is:
    In computer network,
    0
    . If this condition is satisfied,
    <
    moving velocity
    Figure 5. Relationship between moving velocity and
    infection percentage
    worm can spread. This condition can be satisfied easily.
    Different from the spreading threshold of computer
    virus, the spreading threshold of mobile phone virus is
    subject to coverage radius of wireless signal, moving
    velocity and distribution density. According to the
    stabilized solution of differential equation, we can see:
    if
    Figure 6 is the relationship between moving velocity
    and spreading time. It presents the influence of moving
    velocity to spreading velocity. From this figure we can
    see that increasing of moving velocity can speed up the
    spreading of virus.
    , then
    I
    0
    ;
    a
    <
    0
    for
    2
    a
    =
    (
    r
    +
    2
    rv
    )
    ,
    we can get a new threshold:
    2
    <
    (
    r
    +
    2
    r
    v
    )
    1
    .
    When this condition is satisfied, virus will break out;
    if this condition is not satisfied, virus can’t break out.
    4
     From these we can see: the condition that mobile
    phone virus breaks out is much more rigorous than
    worm in computer network. So the probability of that
    mobile phone virus breaks out in large area is very
    small, but it is possible in local area.
    [6] Robert G. Cole, Nam Phamdo, Moheeb A. Rajab, Andreas
    Terzis. Requirements on Worm Mitigation Technologies in
    MANETs. Proceedings of the Workshop on Principles of
    Advanced and Distributed Simulation (PADS’05).
    [7] Shi-an Wang. Principle and Defense of Mobile Phone
    Virus. Journal of Dal ian Institute of Light Industry, 23(1): 74-
    76, 2004. (in Chinese)
    [8] Kai Li, Hao Chen. Virus Threats to GSM Mobile Phones.
    China Information Security, 7:226-228, 2005. (in Chinese)
    [9] Mikko Hypponen, Jarno Niemela. F-Secure Virus
    Descriptions Commwarrior. A. March 7
    th
    , 2005.http://www.f-
    secure.com/v-descs/commwarrior.shtml
    [10] Viruslist-Backdoor. WinCE.Brador, a Viruslist. Aug 5
    th
    ,
    2004. http://www.viruslist. com/en/viruslist.html?id=1984055
    [11] Dan Ilet and Matt Hines. Skulls program carries Cabir
    worm into phones. Techrepublic. Nov 30
    th
    , 2004.
    http://techrepublic.com /5100-22_11-5471004.html
    [12] Sang ho Kim, Choon Seong Leem. Security Threats and
    Their Countermeasures of Mobile Portable Computing
    Devices in Ubiquitous Computing Environments. ICCSA
    2005, LNCS 3483, pp. 79 – 85, 2005.
    [13] J. Kephart and S. White. Directed-graph epidemiological
    models of computer viruses. In Proceedings of the IEEE
    Computer Symposium on Research in Security and Privacy,
    pages 343–359, May 1991.
    [14] Bettstetter, H. Hartenstein, and X. Perez-Costa.
    Stochastic Properties of the Random Waypoint Mobility
    Model. ACM/ Kluwer Wireless Networks, 10(5):555–567,
    September 2004.
    6. Conclusions
    Because of the mobility, mobile phone has some
    relevant characteristics: moving velocity, moving scope
    etc, which make the epidemic model of mobile phone
    virus very different from the model of computer virus
    and worm.
    We can make use of stochastic mobile model (such
    as Random Waypoint model, Random Direction model
    [14]) to build spreading model of mobile phone virus.
    But these stochastic models have some limitations and
    can’t accord with the fact preferably. For simplification
    of this problem, we build this model with uniform
    motion.
    Through the analysis of this model, we can conclude
    some measures of quarantining mobile phone virus:
    reducing coverage radius, such as reducing signal
    power, or interfering signal etc; decreasing moving
    velocity, such as restricting the flowage of person;
    lessening distribution density of mobile phone, such as
    controlling the moving area of someone with mobile
    phone; these measures have distinct differences with the
    usual ways of quarantining mobile phone virus
    spreading.
    Acknowledgement
    This work is supported in part by National Science
    Foundation of China under contract 60203004; by
    High-Tech Program (863) of China under contract
    2003AA142080. Points of view in this document are
    those of the authors and do not necessarily represent the
    official position of Tsinghua University, Huazhong
    University of Science and Technology, or Beijing
    Nomarl University.
    References
    [1] Symantec. VBS.Timofonica.
    http://www.symantec.com/avcenter/venc/data/vbs.timofonica.
    html
    [2] Symantec. SymbOS.Cabir.
    http://securityresponse.symantec.com/avcenter/venc/data/sym
    bos.cabir.html
    [3] History of Computer Development.
    http://www.net130.com/2004/5-28/20344-4.html. (in Chinese)
    [4] Neal Leavitt. Mobile Phones, The Next Frontier for
    Hackers. IEEE Computer, 38(4): 20-23, 2005.
    [5] James W. Mickens, Brian D. Noble. Modeling Epidemic
    Spreading in Mobile Environments. WiSE’05, September 2
    nd
    ,
    2005, Cologne, Germany.
    5
    [ Pobierz całość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • wzory-tatuazy.htw.pl