EpiNet: A Simulation Framework to Study the Spread of Malware in Wireless Networks

Channakeshava, Karthik; Chafekar, Deepti; Bisset, Keith R.; Kumar, V. S. Anil; Marathe, Madhav V.

doi:10.4108/icst.simutools2009.5652

Cited by 23 publications

(30 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The comparison results between RWP and the activity-based mobility models in addition to the preliminary results with the EpiNet environment on the Chicago network were published in [22].…”

Section: Discussionmentioning

confidence: 99%

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

Channakeshava

Bisset

Kumar

et al. 2011

2011 IEEE International Parallel &Amp; Distributed Processing Symposium

Self Cite

View full text Add to dashboard Cite

Advances in computing and communication technologies are blurring the distinction between today's PCs and mobile phones. With expected smart phones sales to skyrocket, lack of awareness regarding securing them, and access to personal and proprietary information, has resulted in the recent surge of mobile malware. In addition to using traditional social-engineering techniques such as email and file-sharing, malware unique to Bluetooth, Short Messaging Service (SMS) and Multimedia Messaging Service (MMS) messages are being used. Large scale simulations of malware on wireless networks have becomes important and studying them under realistic device deployments is important to obtain deep insights into their dynamics and devise ways to control them.In this dissertation, we present EpiNet: an individual-based scalable high-performance oriented modeling environment for simulating the spread of mobile malware over large, dynamic networks.EpiNet can be used to undertake comprehensive studies during both planning and response phase of a malware epidemic in present and future generation wireless networks. Scalability is an important design consideration and the current EpiNet implementation can scale to 3-5 million device networks and case studies show that large factorial designs on million device networks can be executed within a day on 100 node clusters. Beyond compute time, EpiNet has been designed for analysts to easily represent a range of interventions and evaluating their efficacy.The results indicate that Bluetooth malware with very low initial infection size will not result in a major wireless epidemic. The dynamics are dependent on the network structure and, activitybased mobility models or their variations can yield realistic spread dynamics. Early detection of the malware is extremely important in controlling the spread. Non-adaptive response strategies using static graph measures such as degree and betweenness are not effective. Device-based detection mechanisms provide a much better means to control the spread and only effective when detection occurs early on. Automatic signature generation can help in detecting newer strains of the malware and signature distributions through a central server results in better control of the spread. Centralized dissemination of patches are required to reach a large proportion of devices to be effective in slowing the spread. Non-adaptive dynamic graph measures such as vulnerability are found to be more effective.Our studies of SMS and hybrid malware show that SMS-only malware spread slightly faster than Bluetooth-only malware and do not spread to all devices. Hybrid malware spread orders of magnitude faster than either SMS-only or Bluetooth-only malware and can cause significant damage.Bluetooth-only malware spread faster than SMS-only malware in cases where density of devices in the proximity of an infected device is higher. Hybrid malware can be much more damaging than Bluetooth-only or SMS-only malware and we need mechanisms that can prevent such an outbreak.EpiNe...

show abstract

“…The comparison results between RWP and the activity-based mobility models in addition to the preliminary results with the EpiNet environment on the Chicago network were published in [22].…”

Section: Discussionmentioning

confidence: 99%

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

Channakeshava

Bisset

Kumar

et al. 2011

2011 IEEE International Parallel &Amp; Distributed Processing Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…Channakeshava et al [26] used activity based models to investigate the spread of Bluetooth worms in a mobile urban population. Based on their investigation, they suggested a framework to generate synthetic data to study the spread of Bluetooth worms over real wireless networks.…”

Section: Countermeasures and Related Workmentioning

confidence: 99%

Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study

Sanatinia

Narain

Noubir

2013

2013 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

WiFi Access Points (APs) are ideal targets of attack. They have access to home internal networks which allows an adversary to easily carry out man-in-the-middle attacks and spread infections wirelessly. They can also be used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum (both WiFi and cellular). While Wired Equivalent Privacy (WEP) vulnerabilities are common knowledge, the flaws of the WiFi Protected Setup (WPS) protocol are less known. In this paper, we use an epidemiological approach, combined with experimental war-driving measurements to investigate the speed of infections spreading in four neighborhoods of Boston, MA, USA, with distinct population and demographics. Our analysis and experimental data indicate that such attacks are feasible. While the graph of WEP APs and WPS APs may not be fully connected, the combined graph of WEP-WPS APs is fully connected, making large scale spreading of infections feasible. Due to the unique characteristics of WPS, the absence of automated firmware upgrades and mechanisms to safely configure and administer APs; these attacks pose a significant threat that require serious attention and countermeasures to provide safe management of APs and their policies.

show abstract

“…In light of these issues, we use a synthetic mobility and contact network model constructed using a first-principles based approach (Eubank et al 2004;Barrett et al 2009)-this involves detailed activity modeling in large urban regions, and will be referred to as ABM in the rest of the paper. This approach integrates over a dozen public and commercial datasets, and involves the following steps (see Barrett et al 2009;Channakeshava et al 2011;Channakeshava et al 2009 for more details): (i) Create a synthetic urban population using several databases from commercial and public sources, while preserving their privacy and maintaining statistical indistinguishability; (ii) Use activity templates of individuals to create the activity-based mobility models. This generates the social network for individuals using the US census, survey data and time-use surveys; (iii) Assign detailed route plans to individuals based on the locations where activities are performed and the road network that connects the locations; (iv) Construct detailed movement patterns using a cellular automata based micro-simulation for individuals over the transportation infrastructure; and (v) Construct the Bluetooth proximity network using a sub-location model.…”

Section: In Context Synthetic Mobility and Socio-communication Networmentioning

confidence: 99%

“…Internet or wireless epidemiology (Ma, Voelker, and Savage 2005;Kleinberg 2007) acknowledges this close relationship and aims to use mathematical and biological principles developed by epidemiologists to study We briefly recall our earlier work on developing synthetic populations, dynamic synthetic mobile networks and HPC-based modeling environment; see Eubank et al (2004), Barrett et al (2009), Channakeshava et al (2011), Channakeshava et al (2009) for details.…”

Section: Introductionmentioning

confidence: 99%

Reasoning about mobile malware using high performance computing based population scale models

Channakeshava¹,

Bisset²,

Marathe³

et al. 2014

Proceedings of the Winter Simulation Conference 2014

Self Cite

View full text Add to dashboard Cite

We present a high performance computing (HPC) based modeling approach to reason about mobile malware. The ubiquity of smart phones and devices and the use of local protocols for disseminating information over such devices has raised new security challenges. The HPC approach to study mobile malware propagation problem involves: (i) a realistic and detailed representation of mobile devices, their time varying location, their usage patterns and the urban environment within which they are operated, leading to dynamic interaction networks over which malware can spread -these networks are large, heterogeneous and time varying; and (ii) a high performance computing based simulation environment that can study diffusion of malware over such networks. We use EpiCure, an individual based high performance simulation tool for malware modeling, that scales to networks spanning urban regions with over 10M individuals. We find that malware dynamics in realistic networks are very different from those in random waypoint (RWP) mobility models. Next, we study the impact of some of the worm model parameters and properties associated with population mobility and social contact networks; we use detailed statistical analysis to identify the significant parameters and their interaction. Finally, we use EpiCure to study SMS/MMS based malware and hybrid malware that spread using both proximity based Bluetooth networks and infrastructure based cellular networks.

show abstract

EpiNet: A Simulation Framework to Study the Spread of Malware in Wireless Networks

Cited by 23 publications

References 15 publications

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study

Reasoning about mobile malware using high performance computing based population scale models

Contact Info

Product

Resources

About