Yong Li,Pan Hui,Depeng Jin,Li Su,Lieguang Zeng

DOI: https://doi.org/10.1109/TMC.2012.255

IF: 6.075

2014-01-01

IEEE Transactions on Mobile Computing

Abstract:As malware attacks become more frequently in mobile networks, deploying an efficient defense system to protect against infection and to help the infected nodes to recover is important to prevent serious spreading and outbreaks. The technical challenges are that mobile devices are heterogeneous in terms of operating systems, the malware infects the targeted system in any opportunistic fashion via local and global connectivity, while the to-be-deployed defense system on the other hand would be usually resource limited. In this paper, we investigate the problem of how to optimally distribute the content-based signatures of malware, which helps to detect the corresponding malware and disable further propagation, to minimize the number of infected nodes. We model the defense system with realistic assumptions addressing all the above challenges that have not been addressed in previous analytical work. Based on the framework of optimizing the system welfare utility, which is the weighted summation of individual utility depending on the final number of infected nodes through the signature allocation, we propose an encounter-based distributed algorithm based on Metropolis sampler. Through theoretical analysis and simulations with both synthetic and realistic mobility traces, we show that the distributed algorithm achieves the optimal solution, and performs efficiently in realistic environments.

Yong Li,Yu Gong,Depeng Jin,Li Su,Lieguang Zeng,Pan Hui

DOI: https://doi.org/10.1145/1942268.1942286

2010-01-01

Abstract:As malware attacks become more popular in mobile handsets formed Delay Tolerant Networks (DTN), deploying an efficient defense system for helping the infected nodes to kill the malwares is important to prevent serious spreading and outbreak. In reality, the handset devices are heterogeneous in terms of operate systems, the malwares infect the targeted system in any opportunistic ways via local and global connectivity, while the to-be-deployed defense system is usually resource-limited. These points makes this problem technically challenging. In this paper, we investigate the problem of optimal malware defense system deployment with realistic assumptions that specific types of malwares can only infect the targeted system and the capacity of the defense system is limited, which are usually ignored in previous analytical work for simplicity reason. Based on the proposed framework of optimizing the anti-malware software allocation for the defense system, we give a greedy algorithm to obtain the optimal solution.

Chengcheng Zhao,Jianping He,Jiming Chen

DOI: https://doi.org/10.1109/tsipn.2017.2742859

2017-01-01

IEEE Transactions on Signal and Information Processing over Networks

Abstract:This paper investigates the problem of resilient consensus under malicious attacks for multiagent systems. Compared with most of existing works, a more general attack model is considered, where malicious agents can neighbor and collude with each other and the number of tolerable attacks is not limited by the network connectivity, which makes the problem more challenging. To solve this problem, we exploit the mobile agents as the detectors, and design the resilient consensus algorithm with mobile detectors (MRCA). MRCA includes basic average iteration process and the detection algorithms of both static and mobile agents. We prove that under MRCA, malicious agents will be detected by mobile agents and isolated by normal agents in finite time in expectation and thus the convergence can be achieved. We also show that MRCA can tolerate neighboring malicious attacks and the number of tolerable attacks is not limited by the network connectivity. Simulations are conducted to demonstrate the effectiveness of MRCA and validate the correctness of the theoretical results.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Ye Guo,Miaoliang Zhu

DOI: https://doi.org/10.1109/WiCOM.2006.296

2006-01-01

Abstract:The current worm defense system cannot provide a safe mobile network against malicious worms. In this paper, we propose a fast vaccine distribution mechanism in Agent-Oriented Worm Defense System for mobile network. By this mechanism, the agents travel in a parallel and concurrent manner in the network by self-replicating approach, which tremendously improves the vaccine distributing efficiency. Several key technologies are discussed and the performance is analyzed

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Hadeer Elsemary,Dieter Hogrefe

DOI: https://doi.org/10.1007/978-3-319-26690-9_43

2015-11-10

Abstract:Device-to-Device (D2D) communications are foreseen to be an essential part of internet of things in the near future. Multi-hop D2D communication plays an essential role for exchanging messages and sharing information from disconnected areas as well as highly congested network. In fact, many research works are focusing on the connectivity while the security issue remains a significant challenge. Today, mobile devices are capable of initiating advanced security attacks without passing through a powerful centralized entity, especially malware attacks. Malware attacks formalize security risk that threatens the mobile network. However, the existing security schemes for malware attacks are not efficient as well as the tracking and isolating of infected devices remains very challenging. A major concern is that the malware attacks are happening at rate far exceeding the evolution of security techniques. As a first step toward thwarting the success of the malware attacks, we seek to mitigate the mobile infection. In this paper, we propose Malware-defense Secure Routing (MSR) based on zero-sum static Bayesian game. The protocol aims at mitigating the mobile infection by detecting malware attached to message before it infects the device. As this game achieves Nash equilibrium, and leads to an optimal infection-defense strategy for the network. Through simulation we evaluate the proposed routing protocol in terms of the percentage of the detected malicious messages. Results show that our protocol significantly increases the chance of success in infection-defense strategy for D2D network.

XiaoMing Wang,ZaoBo He,XueQing Zhao,Chuang Lin,Yi Pan,ZhiPeng Cai

DOI: https://doi.org/10.1007/s11432-013-4977-4

2013-01-01

Science China Information Sciences

Abstract:Mobile Wireless Sensor Networks (MWSNs) are employed in many fields, such as intelligent transportation, community health monitoring, and animal behavior monitoring. However, MWSNs may be vulnerable to malicious interference because of the large-scale characteristics. One of the threats is to inject malware into some nodes, especially mobile nodes. When a contaminated node communicates with its neighbors, multiple copies of the malware are transmitted to its neighbors, which may destroy nodes, block regular communications, or even damage the integrity of regular data packets. This work develops a modeling framework which mathematically characterizes the process of malware propagation in MWSNs based on the theory of reaction-diffusion equation. Our proposed model can efficiently predict the temporal dynamic behavior and spatial distribution of malware propagation over time, so that targeted immunization measures can be taken on infected nodes, whereas most of the existing models for malware propagation can only predict the temporal dynamic behavior rather than the spatial distribution of malware propagation over time. We conduct extensive simulations on large-scale MWSNs to evaluate the proposed model. The simulation results indicate that the proposed model and method are efficient, and that the mobile speed, communication range, and packet transmission rate of nodes are the main factors affecting malware propagation in MWSNs.

Mousa Tayseer Jafar,Lu-Xing Yang,Gang Li,Xiaofan Yang

2024-01-20

Abstract:The rapid proliferation of Internet of Things (IoT) devices in recent years has resulted in a significant surge in the number of cyber-attacks targeting these devices. Recent data indicates that the number of such attacks has increased by over 100 percent, highlighting the urgent need for robust cybersecurity measures to mitigate these threats. In addition, a cyber-attack will begin to spread malware across the network once it has successfully compromised an IoT network. However, to mitigate this attack, a new patch must be applied immediately. In reality, the time required to prepare and apply the new patch can vary significantly depending on the nature of the cyber-attack. In this paper, we address the issue of how to mitigate cyber-attacks before the new patch is applied by formulating an optimal control strategy that reduces the impact of malware propagation and minimise the number of infected devices across IoT networks in the smart home. A novel node-based epidemiological model susceptible, infected high, infected low, recover first, and recover complete(SI_HI_LR_FR_C) is established with immediate response state for the restricted environment. After that, the impact of malware on IoT devices using both high and low infected rates will be analyzed. Finally, to illustrate the main results, several numerical analyses are carried out in addition to simulate the real-world scenario of IoT networks in the smart home, we built a dataset to be used in the experiments.

Cryptography and Security

Zhaoxuan Li,Ziming Zhao,Rui Zhang,Haoyang Lu,Wenhao Li,Fan Zhang,Siqi Lu,Rui Xue

DOI: https://doi.org/10.1016/j.comnet.2024.110563

IF: 5.493

2024-01-01

Computer Networks

Abstract:The continuous emergence of malware has threatened to the Android platform and user privacy. With the evolution of the Android system and malware, it is challenging to design a method that can accurately identify the categories of sophisticated malware, including known and unknown families, as well as their obfuscated variants, given that they may be newly emerging and lack available detection knowledge. Although some methods try to use anomaly detection and zero-shot technology to identify unseen applications, they are limited to binary classification or lack the robustness, stability, universality, and interpretability in multi-class identification. To this end, we first propose a generic meta-features mining algorithm, which can discover the potential relationships between samples belonging to the same category. Then we present metaNet, a novel method leveraging meta-features to identify sophisticated Android malware. Specifically, metaNet is mainly powered by four components: (i) mExtractor is a feature collector to obtain the static and dynamic features. (ii) mProcessor is taking unique meta-features of each category from extracted features. (iii) mLearner is a machine learning suite that leverages features and meta-features to design and train a classifier called HSU-Net. (iv) mEnforcer is a flexible deployer that identifies categories of malware families in the real world. We implement a prototype of metaNet with 15K lines of Python code and compare it with state-of-the-art (SOTA) methods. The results show that it can not only achieve superior performance in terms of known families (99.52% of accuracy) and unknown families (99.31% of accuracy trained with 80% known families) for binary classification, but also perform well in multi-class identification, i.e., 99.05% and 93.45% of accuracy for known and unknown families, respectively. Furthermore, we deploy and evaluate metaNet in the real world. It can identify applications over an acceptable time and memory overheads, i.e., average of 11.8s and 56MB per sample with a size of 8MB. Also, the few-shot detection and feature perturbation experiments reflect its robustness and stability benefiting from meta-features. Finally, we collect the traffic of 112 decentralized applications (DApps) belonging to 16 categories, such as finance and health, and evaluated metaNet in DApp identification. The results illustrate its applicability across various tasks. That is, it can accurately classify 94.6% and 81.36% of DApp flows in all-known and 80%-known DApp scenarios, respectively, outperforming the SOTA methods.

Sreenitha Kasarapu,Sanket Shukla,Sai Manoj Pudukotai Dinakarrao

2024-04-13

Abstract:In recent years, networked IoT systems have revolutionized connectivity, portability, and functionality, offering a myriad of advantages. However, these systems are increasingly targeted by adversaries due to inherent security vulnerabilities and limited computational and storage resources. Malicious applications, commonly known as malware, pose a significant threat to IoT devices and networks. While numerous malware detection techniques have been proposed, existing approaches often overlook the resource constraints inherent in IoT environments, assuming abundant resources for detection tasks. This oversight is compounded by ongoing workloads such as sensing and on-device computations, further diminishing available resources for malware detection. To address these challenges, we present a novel resource- and workload-aware malware detection framework integrated with distributed computing for IoT networks. Our approach begins by analyzing available resources for malware detection using a lightweight regression model. Depending on resource availability, ongoing workload executions, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes with sufficient resources. To safeguard data integrity and user privacy, rather than transferring the entire malware detection task, the classifier is partitioned and distributed across multiple nodes, and subsequently integrated at the parent node for comprehensive malware detection. Experimental analysis demonstrates the efficacy of our proposed technique, achieving a remarkable speed-up of 9.8x compared to on-device inference, while maintaining a high malware detection accuracy of 96.7%.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Baihao Peng,Junfeng Liu,Jun Zeng

DOI: https://doi.org/10.1109/tifs.2023.3324386

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The advent of smart terminals and the IOT era has prompted the emergence of the multiplex network system. With the rapid information transmission in multiplex networks, security incidents caused by malicious attackers occur frequently. In light of the foregoing, this paper concentrates on modeling and analyzing the propagation process of multiplex networks. Particularly, this paper proposes an epidemic-based RCMO (Running- Confined- Malfuntioned- Overhauled) model after considering the operating state of equipment and a class of visibility-aware malware. After that, the stability analysis of the equilibria is performed to verify the effectiveness of the propagation threshold obtained in RCMO. Then, we introduce static controls including unique control, target control, acquaintance control, and pulse control, as well as dynamic controls including continuous-time and pulsed forms to the suppression strategies for preventing the spread of malware. Furthermore, the control strategies are cross-combined into $6\times 6$ hybrid maintenance strategies (HMS), and the simulation analysis is performed from three perspectives: evolution of state variables, accumulation of revenue, and change of controls. We discovered through experimental results that the optimal HMS to inhibit the propagation of malware and the HMS with the highest revenue are always different under various network topologies, but they are all hybrid combinations of continuous-time and pulse controls. To some extent, dynamic control can reduce discrepancies between the HMS and generate approximate returns. Finally, we propose a few cyber defense recommendations for network administrators.

computer science, theory & methods,engineering, electrical & electronic

Xianjun Sun,Chuang Lin,Yixin Jiang,Weidong Liu,Xiaowen Chu

DOI: https://doi.org/10.1109/ICC.2010.5501978

2010-01-01

Abstract:Intricate malware can result in the failure of on-line Comprehensive Protection (CP) in distributed systems, and place the system in an unsafe state which is difficult to recover from. There lacks an effective scheme to defend against this extreme attack. In this paper, based on the Two-layer Protection and Co-operative Recovery (TPCRS) mechanism, we propose an efficient survivable scheme against malware attacks in distributed systems. The basic strategy is to deploy an Emergency Response/Recovery (ER) agent at each node to recognize the state of the system whenever the CP fails, and to carry out cooperative security among multiple nodes so that the infected nodes can be rapidly recovered. Furthermore, a Preventive Maintenance (PM) model is adopted to enhance the reliability of the distributed system. Si-mulation results demonstrate the practicality and efficiency of the proposed schemes.

Emmanouil Panaousis,Eirini Karapistoli,Hadeer Elsemary,Tansu Alpcan,MHR Khuzani,Anastasios A.Economides

DOI: https://doi.org/10.1016/j.adhoc.2016.11.008

2017-11-04

Abstract:Device-to-Device (D2D) communication is expected to be a key feature supported by 5G networks, especially due to the proliferation of Mobile Edge Computing (MEC), which has a prominent role in reducing network stress by shifting computational tasks from the Internet to the mobile edge. Apart from being part of MEC, D2D can extend cellular coverage allowing users to communicate directly when telecommunication infrastructure is highly congested or absent. This significant departure from the typical cellular paradigm imposes the need for decentralised network routing protocols. Moreover, enhanced capabilities of mobile devices and D2D networking will likely result in proliferation of new malware types and epidemics. Although the literature is rich in terms of D2D routing protocols that enhance quality-of-service and energy consumption, they provide only basic security support, e.g., in the form of encryption. Routing decisions can, however, contribute to collaborative detection of mobile malware by leveraging different kinds of anti-malware software installed on mobile devices. Benefiting from the cooperative nature of D2D communications, devices can rely on each other's contributions to detect malware. The impact of our work is geared towards having more malware-free D2D networks. To achieve this, we designed and implemented a novel routing protocol for D2D communications that optimises routing decisions for explicitly improving malware detection. The protocol identifies optimal network paths, in terms of malware mitigation and energy spent for malware detection, based on a game theoretic model. Diverse capabilities of network devices running different types of anti-malware software and their potential for inspecting messages relayed towards an intended destination device are leveraged using game theoretic tools. An optimality analysis of both Nash and Stackelberg security games is undertaken, including both zero and non-zero sum variants, and the Defender's equilibrium strategies. By undertaking network simulations, theoretical results obtained are illustrated through randomly generated network scenarios showing how our protocol outperforms conventional routing protocols, in terms of expected payoff, which consists of: security damage in inflicted by malware and malware detection cost.

Computer Science and Game Theory

Hong Zhang,Shigen Shen,Qiying Cao,Xiaojun Wu,Shaofeng Liu

DOI: https://doi.org/10.1177/1550147720972944

IF: 1.938

2020-11-01

International Journal of Distributed Sensor Networks

Abstract:Wireless sensor networks, as a multi-hop self-organized network system formed by wireless communication, are vulnerable to malware diffusion by breaking the data confidentiality and service availability, owing to their low configuration and weak defense mechanism. To reveal the rules of malware diffusion in the really deployed wireless sensor networks, we propose a model called Malware Diffusion Based on Cellular Automaton to describe the dynamics of malware diffusion based on cellular automaton. According to the model, we first analyze and obtain the differential equations, which can reflect the various state dynamics of sensor nodes with cellular automaton. Then, we attain the equilibrium points of the model Malware Diffusion Based on Cellular Automaton to determine the threshold for whether malware will diffuse or die out in wireless sensor networks. Furthermore, we compute the basic regeneration number of the model Malware Diffusion Based on Cellular Automaton using the next-generation matrix and prove the stability of the equilibrium points. Finally, via experimental simulation, we verify the effectiveness of the model Malware Diffusion Based on Cellular Automaton, which can provide administrators with the theoretical guidance on suppressing malware diffusion in wireless sensor networks.

computer science, information systems,telecommunications

Mingshen Sun,Xiaolei Li,John C.S. Lui,Richard T.B. Ma,Zhenkai Liang

DOI: https://doi.org/10.48550/arXiv.1612.03312

2016-12-11

Abstract:Android, the most popular mobile OS, has around 78% of the mobile market share. Due to its popularity, it attracts many malware attacks. In fact, people have discovered around one million new malware samples per quarter, and it was reported that over 98% of these new malware samples are in fact "derivatives" (or variants) from existing malware families. In this paper, we first show that runtime behaviors of malware's core functionalities are in fact similar within a malware family. Hence, we propose a framework to combine "runtime behavior" with "static structures" to detect malware variants. We present the design and implementation of MONET, which has a client and a backend server module. The client module is a lightweight, in-device app for behavior monitoring and signature generation, and we realize this using two novel interception techniques. The backend server is responsible for large scale malware detection. We collect 3723 malware samples and top 500 benign apps to carry out extensive experiments of detecting malware variants and defending against malware transformation. Our experiments show that MONET can achieve around 99% accuracy in detecting malware variants. Furthermore, it can defend against 10 different obfuscation and transformation techniques, while only incurs around 7% performance overhead and about 3% battery overhead. More importantly, MONET will automatically alert users with intrusion details so to prevent further malicious behaviors.

Cryptography and Security

Sen Chen,Minhui Xue,Lingling Fan,Shuang Hao,Lihua Xu,Haojin Zhu,Bo Li

DOI: https://doi.org/10.48550/arXiv.1706.04146

2017-10-31

Abstract:The evolution of mobile malware poses a serious threat to smartphone security. Today, sophisticated attackers can adapt by maximally sabotaging machine-learning classifiers via polluting training data, rendering most recent machine learning-based malware detection tools (such as Drebin, DroidAPIMiner, and MaMaDroid) ineffective. In this paper, we explore the feasibility of constructing crafted malware samples; examine how machine-learning classifiers can be misled under three different threat models; then conclude that injecting carefully crafted data into training data can significantly reduce detection accuracy. To tackle the problem, we propose KuafuDet, a two-phase learning enhancing approach that learns mobile malware by adversarial detection. KuafuDet includes an offline training phase that selects and extracts features from the training set, and an online detection phase that utilizes the classifier trained by the first phase. To further address the adversarial environment, these two phases are intertwined through a self-adaptive learning scheme, wherein an automated camouflage detector is introduced to filter the suspicious false negatives and feed them back into the training phase. We finally show that KuafuDet can significantly reduce false negatives and boost the detection accuracy by at least 15%. Experiments on more than 250,000 mobile applications demonstrate that KuafuDet is scalable and can be highly effective as a standalone system.

Cryptography and Security

Cheng-Jie Xiong,Yan-Fu Li,Min Xie,Szu-Hui Ng,Thong-Ngee Goh

DOI: https://doi.org/10.1007/978-3-642-10619-4_38

2009-01-01

Abstract:Distributed systems are widely deployed in industries where high computational capability and low cost are required. Distributed software architecture is very important in the distributed system. However, since most distributed systems are designed based on a network structure, distributed software is very vulnerable to malware attacks. Due to the popularity of distributed system, it is vital to study the effects of malware attack on distributed systems. In this paper, we studied the malware attack behaviors by a Markov process model. The states of the object homogeneous distributed system can be derived by analyzing the Markov model, with which the service reliability and service availability can be further obtained. An illustrative demonstration is also presented.

Shi Jin,Zhaofeng Guo,Dongli Liu,Yanhua Yang

DOI: https://doi.org/10.1155/2022/4977898

2022-02-23

Abstract:In recent years, with the development of information technology, the Internet has become an essential tool for human daily life. However, as the popularity and scale of the Internet continue to expand, malware has also emerged as an increasingly widespread trend, and its development has brought many negative impacts to the society. As the number of types of malware is getting enormous, the attacks are constantly updated, and at the same time, the spread is very fast, causing more and more damage to the network, the requirements and standards for malware detection are constantly rising. How to effectively detect malware is a research trend; in order to tackle the new needs and problems arising from the development of malware, this paper proposes to guide machine learning algorithms to implement malware detection in a distributed environment: firstly, each detection node in the distributed network performs anomaly detection on the captured software information and data, then performs feature analysis to discover unknown malware and obtain its samples, updates the new malware features to all feature detection nodes in the whole distributed network, and trains the random forest-based machine learning algorithm for malware classification and detection, thus completing the global response processing capability for malware. By building a distributed system framework, the global capture capability of malware detection is enhanced to robustly respond to the increasing and rapid spread of malware, and machine learning algorithms are integrated into it to achieve effective detection of malware. Extended experiments on the Ember 2017 and Ember 2018 databases show that our proposed approach achieves advanced performance and effectively addresses the problem of malware detection.

Roberto Casado-Vara,Marcos Severt,Antonio Díaz-Longueira,Ángel Martín del Rey,Jose Luis Calvo-Rolle

DOI: https://doi.org/10.3390/math12020250

IF: 2.4

2024-01-13

Mathematics

Abstract:With the progress and evolution of the IoT, which has resulted in a rise in both the number of devices and their applications, there is a growing number of malware attacks with higher complexity. Countering the spread of malware in IoT networks is a vital aspect of cybersecurity, where mathematical modeling has proven to be a potent tool. In this study, we suggest an approach to enhance IoT security by installing security updates on IoT nodes. The proposed method employs a physically informed neural network to estimate parameters related to malware propagation. A numerical case study is conducted to evaluate the effectiveness of the mitigation strategy, and novel metrics are presented to test its efficacy. The findings suggest that the mitigation tactic involving the selection of nodes based on network characteristics is more effective than random node selection.

mathematics