Abstract—Malicious mobile phone worms spread between devices via short-range Bluetooth contacts, similar to the propagation of human and other biological viruses. Recent work has employed models from epidemiology and complex networks to analyse the spread of malware and the effect of patching specific nodes. These approaches have adopted a static view of the mobile networks, i.e., by aggregating all the edges that appear over time, which leads to an approximate representation of the real interactions: instead, these networks are inherently dynamic and the edge appearance and disappearance are highly influenced by the ordering of the human contacts, something which is not captured at all by existing complex network measures. In this paper we first study how the blocking of malware propagation through immunisation of key nodes (even if carefully chosen through static or temporal betweenness centrality metrics) is ineffective: this is due to the richness of alternative paths in these networks. Then we introduce a time-aware containment strategy that spreads a patch message starting from nodes with high temporal closeness centrality and show its effectiveness using three real-world datasets. Temporal closeness allows the identification of nodes able to reach most nodes quickly: we show that this scheme reduces the cellular network resource consumption and associated costs, achieving, at the same time, complete containment of malware in a limited amount of time.

Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author(s):

We introduce a new communication paradigm, Human-to-human Mobile Ad hoc Networking (HU-MANET), that exploits smartphone capabilities and human behavior to create decentralized networks for smartphone-to-smartphone message delivery. HUMANETs support stealth command-and-control messaging for mobile BotNets, covert channels in the presence of an observer who monitors all cellular communication, and distributed protocols for querying the state or content of targeted mobile devices. In this paper, we introduce techniques for constructing HUMANETs and describe protocols for efficiently routing and addressing messages. In contrast to flooding or broadcast schemes that saturate the network and aggressively consume phone resources (e.g., batteries), our protocols exploit human mobility patterns to significantly increase communication efficiency while limiting the exposure of HU-MANETs to mobile service providers. Our techniques leverage properties of smartphones – in particular, their highly synchronized clocks and ability to discern location information – to construct location profiles for each device. HUMANETs ’ fully-distributed and heuristic-based routing protocols route messages towards phones with location profiles that are similar to those of the intended receiver, enabling efficient message delivery with limited effects to end-to-end latency. 1

Abstract—Mobile phones are integral to everyday life with emails, social networking, online banking and other applications; however, the wealth of private information accessible increases economic incentives for attackers. Compared with fixed networks, mobile malware can replicate through both long range messaging and short range radio technologies; the former can be filtered by the network operator but determining the best method of containing short range malware is an open problem. While global software updates are sometimes possible, they are often not practical. An alternative and more efficient strategy is to distribute the patch to the key nodes so that they can opportunistically disseminate it to the rest of the network via short range encounters; but how can these key nodes be identified in a highly dynamic network topology? In this paper, we address these questions by presenting Socio-Temporal Opportunistic Patching (STOP), a two-tier predictive mobile malware containment system: devices collect co-location data in a decentralized manner and report to a central server which processes and targets delivery of hot fixes to a small subset of k devices at runtime; in turn mobile devices spread the patch opportunistically. The STOP system is underpinned by a recent theoretical framework for analysing dynamic networks that takes into account temporal information of links. Using empirical contact traces, we find firstly, the top-k ranking temporal centrality nodes are highly correlated with past time windows; and secondly, simple prediction functions can be designed to select the set of top-k nodes that are optimal for patch spreading. I.

for modelling proximity-borne malware