SlideShare a Scribd company logo

An epidemic model of mobile phone virus

U
UltraUploader
1 of 5
Download to read offline
1 An Epidemic Model of Mobile Phone Virus Hui Zheng1 , Dong Li2 , Zhuo Gao3 1 Network Research Center, Tsinghua University, P. R. China zh@tsinghua.edu.cn 2 School of Computer Science and Technology, Huazhong University of Science and Technology, P. R. China lidong@hust.edu.cn 3 Department of Physics, Beijing Nomarl University, P. R. China zhuogao@bnu.edu.cn Abstract Considering the characteristics of mobile network, we import three important parameters: distribution density of mobile phone, coverage radius of Bluetooth signal and moving velocity of mobile phone to build an epidemic model of mobile phone virus which is different from the epidemic model of computer worm. Then analyzing different properties of this model with the change of parameters; discussing the epidemic threshold of mobile phone virus; presenting suggestions of quarantining the spreading of mobile phone virus. Keywords: Mobile Phone Virus, Epidemic Model, Security of Wireless Network, Bluetooth, Smart Phone. 1. Introduction The first computer virus that attacks mobile phone is VBS. Timofonica which was found on May 30, 2000 [1]. This virus spreads through PCs, but it can use the message service of moviestar.net to send out rubbish short messages to its subscriber. It is propagandized as mobile phone virus by the media, but in fact it’s only a kind of computer virus and can’t spread through mobile phone which is the only attacked object. Cabir Cell Phone Worm which was found on June 14, 2000 is really a mobile phone virus [2]. It spreads from one cell phone to another by Bluetooth. Now it is found in more than 20 countries and has more than 7 variants. Cabir has the characteristic of initiative spreading and this pattern will be mostly adopted by “mobile phone virus” in the future. Table 1 lists the comparison between configuration of smart phone and computer. This table presents the most advanced desk-top computer configuration in 1998 and 1999. Generally, it takes 2 to 3 years for computer with the most advanced configuration to become popular. That is to say, when the Code Red Worm broke out in 2001, common hardware of computers in Internet was as same as the configuration in table 1. With the comparison in table 1, we can see that smart phone presently has already possessed hardware condition for computer virus spreading. Table 1. Hardware comparing between smart phone and desk-top personal computer Hardware 2005(dop od 828) 1998 PC 1999 PC CPU Intel 416MHz PentiumⅡ 333MHz Pentium III 450MHz[3] Memory 128M 32M 64M Hard Disk 2G~8G 2G 6G The development and popularization of smart phone are both very fast. According to the statistics of ARC, in 2004 the sum of smart phone is 27,000,000, accounting for 3% of the global amount of mobile phones. IDC estimates that the sum of smart phone will reach up to 130,000,000 by 2008 and account for 15% of the global amount of mobile phones [4]. So we should pay much attention to the security of smart phone. In this paper, “smart phone” is one smart mobile terminal device with the integrated ability of data transmission, processing and communication; “mobile phone virus” is a malicious code that can spread through all kinds of smart mobile terminal devices. As to the security research, though we can refer to the security research results in MANETs (Mobile Ad Hoc Networks), MANETs and Sensor network emphasize that resource is finite and all the problems about application and security should be restricted to this precondition [12]. Smart mobile terminal device emphasizes that resource is abundant, even possess the same computing ability as desk-top personal computer. So for these two security problems, the starting points of research are different. Recently, paper [5] demonstrates that traditional epidemic model of computer virus can’t be applied to virus spreading in
2 mobile environment and the epidemic model when the mobile phone moves with variable velocity is also discussed. But in a small area, uniform motion accords with the sport law of human being preferably. What’s more, some important parameters such as distribution density and signal coverage radius are not imported to the model. Paper [6] compares to the required condition of virus spreading in computer and gives the corresponding required condition of virus spreading in MANETs by simulation. This paper first discusses several spreading modes of mobile phone virus; The second section builds the epidemic model of mobile phone virus which imports 3 parameters: moving velocity, signal coverage radius and distribution density; The third section analyses some relevant characteristics of this model; the fourth section compares the epidemic model of mobile phone virus with the epidemic model of Internet worm and discusses the threshold of mobile phone virus breaking out. At last, we make some discussions. 2. The spreading way of mobile phone virus Though paper [7~8] presents many examples of “mobile phone virus”, many of them are not able to spread, so they are not real mobile phone virus. According to analysis of all kinds of epidemic malicious codes which have been found, such as Cabir [2], Commwarrior [9], Brador [10], Skull [11] etc, we can define mobile phone virus: it is a piece of data or program that spreads among smart mobile terminal devices by the communication interfaces and can influence the usage of handset or leak out sensitive data. Through the analysis of spreading way, we can conclude table 2: Table 2. Spreading way of mobile phone virus Wireless spreading channel Spreading distance Spreading direction Way of discovering neighbor nodes Relay (Yes or No) GPRS/CDMA 1XRTT 1000m Non-directional Appointed Yes Wi-Fi(802.11) 100m Non-directional Appointed Yes Bluetooth 10m Non-directional Automatic No IrDA 1m Directional Automatic No For the mobile phone virus that can spread by MMS and E-mail, it can transmit data by GPRS and Wi-Fi; for the mobile phone virus that spread by electronic file, it can transmit data by Bluetooth and IrDA. Although there are four wireless transmission ways, some need relay nodes or directional angle, so Bluetooth is the best choice for virus writer. In this model, we mainly consider those mobile phone viruses that spread through Bluetooth. For other ways of transmission, we will build the model in other papers. 3. The epidemic model of mobile phone propagating Supposing mobile phone has two statuses: Susceptible and infected. The infected will come back to susceptible with certain probability. In table 3, we define some symbols: Table 3. Symbol definition Symbol Instructions Ω moving space of mobile phone (2-dimmension) ρ distribution density of mobile phone (uniform distribution) v moving velocity of mobile phone (uniform velocity) r coverage radius of Bluetooth signal I The number of virus in mobile phone at time t β epidemic rate of mobile phone virus propagating δ resuming rate of the infected Then we can build the epidemic model of mobile phone virus: I I vrrI dt dI ⋅−⋅ ⋅Ω −⋅Ω ⋅−⋅⋅⋅+⋅⋅= δβ ρ ρ ρπ )1)2(( 2 Suppose: δβρβπ −−+= )2( 2 rvra , ρ βρβπ Ω −+ = )2( 2 rvr b , Then the differential equation is: 2 bIaI dt dI −= , The solution is: cat cat be ae I + + + = 1 , For )( 0tI , the initial value of c is a constant. We can conclude from the solution: if 0<a ,then 0→I , and if 0>a , then b a I → . 4. Analysis of model properties The changes of model properties with changes of different parameters are researched. Table 4 presents the range of parameters.
3 Table 4. The range of parameters Symbol Instruction Range Ω moving space of mobile phone (2-dimmension) 1000m * 1000m ρ distribution density of mobile phone (uniform distribution) 0.001~0.1/m2 v moving velocity of mobile phone (uniform velocity) 2m/s r coverage radius of Bluetooth signal 10m β epidemic rate of mobile phone virus 0.75 δ resuming rate of infected 0.025 0I The number of initial infected mobile phones 5 4.1. Influence of distribution density to virus spreading The connotative subject condition of equation is )2( 1 2 vrr ⋅⋅+⋅ > π ρ , mobile phone virus is able to spread when this condition is satisfied. Figure 1 shows the relationship between distribution density and infection percentage. When the subject condition is not satisfied, infection percentage is 0; when the subject condition is satisfied, the infection percentage is very sensitive to the change of distribution density, the small change of distribution density can lead to great improvement proportion of the infected. Relationship of distribution density and infection percentage 0 0.2 0.4 0.6 0.8 1 0.001 0.008 0.015 0.022 0.029 0.036 0.043 0.050 distribution density(number of mobile phone in one unit area) infection percentage Figure 1. Relationship of distribution density and infection percentage Figure 2 is the relationship between distribution density and spreading time. It shows the influence of distribution density to moving velocity. Mobile phone virus can’t spread when distribution density is small. Spreading time that the infection of mobile phone virus gets to equilibrium reflects the spreading velocity of virus. From these we can see that spreading velocity is very sensitive to the change of distribution density. Relationship between ditribution density and spreading time 0 500 1000 1500 2000 0.0029 0.0036 0.0043 0.0050 0.0057 0.0064 distribution density spreadingtime Figure 2. Relationship between distribution density and spreading time 4.2. Influence of coverage radius to virus spreading Considering the range of coverage radius of Bluetooth signal r varies from 5m to 15m. Distribution density of mobile phone is 0.005. Figure 3 is the relationship of coverage radius and percentage of the infected, which presents the influence of coverage radius to virus spreading. From these we can see that mobile phone virus can’t spread when coverage radius is very small. If it spreads, the infection percentage will change with coverage radius. Ralationship between coverage radius and infection percentage 0 0.2 0.4 0.6 0.8 1 5.0 6.0 7.0 8.0 9.0 10.0 11.0 12.0 13.0 14.0 15.0 coverage radius infection percentage Figure 3. Relationship between coverage radius and infection percentage Figure 4 is the relationship between coverage radius and spreading time, it presents the influence of coverage radius to spreading velocity. Virus can’t spread when coverage radius is very small. Spreading velocity is very sensitive to the changes of coverage radius.
4 Ralationship between coverage radius and spreading time 0 200 400 600 800 1000 5.0 6.0 7.0 8.0 9.0 10.0 11.0 12.0 13.0 14.0 15.0 coverage radius spreadingtime Density=0.005 Figure 4. Ralationship between coverage radius and spreading time 4.3. Influence of moving velocity to virus spreading Assuming distribution density of mobile phone is 0.0035, the range of moving velocity is 1m/s~30m/s, figure 5 is the relationship between moving velocity and infection percentage, it presents the influence of moving velocity to the spreading of mobile phone virus. For the small distribution density of mobile phone and typical coverage radius, speeding the moving velocity can result in the spreading of the virus which can’t spread before. Ralationship between moving velocity and infenction percentage 0 0.2 0.4 0.6 0.8 1 1.0 6.0 11.0 16.0 21.0 26.0 moving velocity infection percentage Density=0.0035 Figure 5. Relationship between moving velocity and infection percentage Figure 6 is the relationship between moving velocity and spreading time. It presents the influence of moving velocity to spreading velocity. From this figure we can see that increasing of moving velocity can speed up the spreading of virus. Relationship between moving velocity and spreading time 0 500 1000 1500 2000 2500 1.0 5.5 10.0 14.5 19.0 23.5 28.0 moving velocity spreadingtime Density=0.0035 Figure 6. Relationship between moving velocity and spreading time The time that virus file transfers from one mobile phone to another is fT , the discussion above supposes that the moving of mobile phone has no influence to virus spreading. If we take into account the influence of moving velocity of mobile phone, we can add one subject condition: fT r v < . When this condition is satisfied, virus can spread. When this condition is not satisfied, that is to say, mobile phone moves too fast, then the time that virus stay in the coverage area of signal is too short, virus can’t spread. 5. Results of comparison with epidemic models of worm The corresponding epidemic model of worm in computer network can be expressed as [13]: III dt dI ⋅−⋅−⋅Ω⋅= δβρ )( In computer network, ρ⋅Ω is the sum of computer and it is a fixed value in short time. The threshold of its spreading is: ρ β δ ⋅Ω< . If this condition is satisfied, worm can spread. This condition can be satisfied easily. Different from the spreading threshold of computer virus, the spreading threshold of mobile phone virus is subject to coverage radius of wireless signal, moving velocity and distribution density. According to the stabilized solution of differential equation, we can see: if 0<a , then 0→I ; for δβρβπ −−+= )2( 2 rvra , we can get a new threshold: 1)2( 2 −⋅⋅+⋅< ρπ β δ vrr . When this condition is satisfied, virus will break out; if this condition is not satisfied, virus can’t break out.
5 From these we can see: the condition that mobile phone virus breaks out is much more rigorous than worm in computer network. So the probability of that mobile phone virus breaks out in large area is very small, but it is possible in local area. 6. Conclusions Because of the mobility, mobile phone has some relevant characteristics: moving velocity, moving scope etc, which make the epidemic model of mobile phone virus very different from the model of computer virus and worm. We can make use of stochastic mobile model (such as Random Waypoint model, Random Direction model [14]) to build spreading model of mobile phone virus. But these stochastic models have some limitations and can’t accord with the fact preferably. For simplification of this problem, we build this model with uniform motion. Through the analysis of this model, we can conclude some measures of quarantining mobile phone virus: reducing coverage radius, such as reducing signal power, or interfering signal etc; decreasing moving velocity, such as restricting the flowage of person; lessening distribution density of mobile phone, such as controlling the moving area of someone with mobile phone; these measures have distinct differences with the usual ways of quarantining mobile phone virus spreading. Acknowledgement This work is supported in part by National Science Foundation of China under contract 60203004; by High-Tech Program (863) of China under contract 2003AA142080. Points of view in this document are those of the authors and do not necessarily represent the official position of Tsinghua University, Huazhong University of Science and Technology, or Beijing Nomarl University. References [1] Symantec. VBS.Timofonica. http://www.symantec.com/avcenter/venc/data/vbs.timofonica. html [2] Symantec. SymbOS.Cabir. http://securityresponse.symantec.com/avcenter/venc/data/sym bos.cabir.html [3] History of Computer Development. http://www.net130.com/2004/5-28/20344-4.html. (in Chinese) [4] Neal Leavitt. Mobile Phones, The Next Frontier for Hackers. IEEE Computer, 38(4): 20-23, 2005. [5] James W. Mickens, Brian D. Noble. Modeling Epidemic Spreading in Mobile Environments. WiSE’05, September 2nd , 2005, Cologne, Germany. [6] Robert G. Cole, Nam Phamdo, Moheeb A. Rajab, Andreas Terzis. Requirements on Worm Mitigation Technologies in MANETs. Proceedings of the Workshop on Principles of Advanced and Distributed Simulation (PADS’05). [7] Shi-an Wang. Principle and Defense of Mobile Phone Virus. Journal of Dal ian Institute of Light Industry, 23(1): 74- 76, 2004. (in Chinese) [8] Kai Li, Hao Chen. Virus Threats to GSM Mobile Phones. China Information Security, 7:226-228, 2005. (in Chinese) [9] Mikko Hypponen, Jarno Niemela. F-Secure Virus Descriptions Commwarrior. A. March 7th , 2005.http://www.f- secure.com/v-descs/commwarrior.shtml [10] Viruslist-Backdoor. WinCE.Brador, a Viruslist. Aug 5th , 2004. http://www.viruslist. com/en/viruslist.html?id=1984055 [11] Dan Ilet and Matt Hines. Skulls program carries Cabir worm into phones. Techrepublic. Nov 30th , 2004. http://techrepublic.com /5100-22_11-5471004.html [12] Sang ho Kim, Choon Seong Leem. Security Threats and Their Countermeasures of Mobile Portable Computing Devices in Ubiquitous Computing Environments. ICCSA 2005, LNCS 3483, pp. 79 – 85, 2005. [13] J. Kephart and S. White. Directed-graph epidemiological models of computer viruses. In Proceedings of the IEEE Computer Symposium on Research in Security and Privacy, pages 343–359, May 1991. [14] Bettstetter, H. Hartenstein, and X. Perez-Costa. Stochastic Properties of the Random Waypoint Mobility Model. ACM/ Kluwer Wireless Networks, 10(5):555–567, September 2004.

Recommended

Modeling and restraining of mobile virus propagation
Modeling and restraining of mobile virus propagationModeling and restraining of mobile virus propagation
Modeling and restraining of mobile virus propagation
Pranav Pinarayi
 
Wireless Communication - GSM Security
Wireless Communication - GSM SecurityWireless Communication - GSM Security
Wireless Communication - GSM Security
Ankit Mulani
 
A mobile offloading game against smart attacks
A mobile offloading game against smart attacksA mobile offloading game against smart attacks
A mobile offloading game against smart attacks
redpel dot com
 
19
1919
19
ieeeprojectsvadapalani
 
Mobility prediction in telecom cloud using telecom calls.
Mobility prediction in telecom cloud using telecom calls.Mobility prediction in telecom cloud using telecom calls.
Mobility prediction in telecom cloud using telecom calls.
Afiya Rajee
 
optimal distributed malware defense in mobile networks with heterogeneous dev...
optimal distributed malware defense in mobile networks with heterogeneous dev...optimal distributed malware defense in mobile networks with heterogeneous dev...
optimal distributed malware defense in mobile networks with heterogeneous dev...
swathi78
 
Secure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-MailSecure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-Mail
IJERA Editor
 
Ensuring Security in Emergency through SMS Alert System
Ensuring Security in Emergency through SMS Alert SystemEnsuring Security in Emergency through SMS Alert System
Ensuring Security in Emergency through SMS Alert System
Editor IJCATR
 

Recommended

Modeling and restraining of mobile virus propagation
Modeling and restraining of mobile virus propagationModeling and restraining of mobile virus propagation
Modeling and restraining of mobile virus propagation
Pranav Pinarayi
 
Wireless Communication - GSM Security
Wireless Communication - GSM SecurityWireless Communication - GSM Security
Wireless Communication - GSM Security
Ankit Mulani
 
A mobile offloading game against smart attacks
A mobile offloading game against smart attacksA mobile offloading game against smart attacks
A mobile offloading game against smart attacks
redpel dot com
 
19
1919
19
ieeeprojectsvadapalani
 
Mobility prediction in telecom cloud using telecom calls.
Mobility prediction in telecom cloud using telecom calls.Mobility prediction in telecom cloud using telecom calls.
Mobility prediction in telecom cloud using telecom calls.
Afiya Rajee
 
optimal distributed malware defense in mobile networks with heterogeneous dev...
optimal distributed malware defense in mobile networks with heterogeneous dev...optimal distributed malware defense in mobile networks with heterogeneous dev...
optimal distributed malware defense in mobile networks with heterogeneous dev...
swathi78
 
Secure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-MailSecure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-Mail
IJERA Editor
 
Ensuring Security in Emergency through SMS Alert System
Ensuring Security in Emergency through SMS Alert SystemEnsuring Security in Emergency through SMS Alert System
Ensuring Security in Emergency through SMS Alert System
Editor IJCATR
 
Algebraic specification of computer viruses and their environments
Algebraic specification of computer viruses and their environmentsAlgebraic specification of computer viruses and their environments
Algebraic specification of computer viruses and their environments
UltraUploader
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus security
UltraUploader
 
A web based network worm simulator
A web based network worm simulatorA web based network worm simulator
A web based network worm simulator
UltraUploader
 
A network worm vaccine architecture
A network worm vaccine architectureA network worm vaccine architecture
A network worm vaccine architecture
UltraUploader
 
00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)
UltraUploader
 
Artista a network for ar tifical immune sys tems
Artista a network for ar tifical immune sys temsArtista a network for ar tifical immune sys tems
Artista a network for ar tifical immune sys tems
UltraUploader
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internet
UltraUploader
 
Approaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceApproaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidance
UltraUploader
 
A sense of self for unix processes
A sense of self for unix processesA sense of self for unix processes
A sense of self for unix processes
UltraUploader
 
Autoimmune viruses
Autoimmune virusesAutoimmune viruses
Autoimmune viruses
UltraUploader
 
Analysis of rxbot
Analysis of rxbotAnalysis of rxbot
Analysis of rxbot
UltraUploader
 
Automated worm fingerprinting
Automated worm fingerprintingAutomated worm fingerprinting
Automated worm fingerprinting
UltraUploader
 
Abstraction based intrusion detection in distributed environments
Abstraction based intrusion detection in distributed environmentsAbstraction based intrusion detection in distributed environments
Abstraction based intrusion detection in distributed environments
UltraUploader
 
A cost analysis of typical computer viruses and defenses
A cost analysis of typical computer viruses and defensesA cost analysis of typical computer viruses and defenses
A cost analysis of typical computer viruses and defenses
UltraUploader
 
Anti forensics the rootkit connection
Anti forensics the rootkit connectionAnti forensics the rootkit connection
Anti forensics the rootkit connection
UltraUploader
 
Are metamorphic viruses really invincible
Are metamorphic viruses really invincibleAre metamorphic viruses really invincible
Are metamorphic viruses really invincible
UltraUploader
 
Biologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesBiologically inspired defenses against computer viruses
Biologically inspired defenses against computer viruses
UltraUploader
 
Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...
UltraUploader
 
Malware propagation in large scale networks
Malware propagation in large scale networksMalware propagation in large scale networks
Malware propagation in large scale networks
Pvrtechnologies Nellore
 
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
mordechaiguri
 
A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...
A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...
A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...
Sara Perez
 
Malware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale NetworksMalware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale Networks
1crore projects
 

More Related Content

Viewers also liked

Algebraic specification of computer viruses and their environments
Algebraic specification of computer viruses and their environmentsAlgebraic specification of computer viruses and their environments
Algebraic specification of computer viruses and their environments
UltraUploader
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus security
UltraUploader
 
A web based network worm simulator
A web based network worm simulatorA web based network worm simulator
A web based network worm simulator
UltraUploader
 
A network worm vaccine architecture
A network worm vaccine architectureA network worm vaccine architecture
A network worm vaccine architecture
UltraUploader
 
00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)
UltraUploader
 
Artista a network for ar tifical immune sys tems
Artista a network for ar tifical immune sys temsArtista a network for ar tifical immune sys tems
Artista a network for ar tifical immune sys tems
UltraUploader
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internet
UltraUploader
 
Approaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceApproaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidance
UltraUploader
 
A sense of self for unix processes
A sense of self for unix processesA sense of self for unix processes
A sense of self for unix processes
UltraUploader
 
Automated worm fingerprinting
Automated worm fingerprintingAutomated worm fingerprinting
Automated worm fingerprinting
UltraUploader
 
Abstraction based intrusion detection in distributed environments
Abstraction based intrusion detection in distributed environmentsAbstraction based intrusion detection in distributed environments
Abstraction based intrusion detection in distributed environments
UltraUploader
 
A cost analysis of typical computer viruses and defenses
A cost analysis of typical computer viruses and defensesA cost analysis of typical computer viruses and defenses
A cost analysis of typical computer viruses and defenses
UltraUploader
 
Anti forensics the rootkit connection
Anti forensics the rootkit connectionAnti forensics the rootkit connection
Anti forensics the rootkit connection
UltraUploader
 
Are metamorphic viruses really invincible
Are metamorphic viruses really invincibleAre metamorphic viruses really invincible
Are metamorphic viruses really invincible
UltraUploader
 
Biologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesBiologically inspired defenses against computer viruses
Biologically inspired defenses against computer viruses
UltraUploader
 
Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...
UltraUploader
 

Viewers also liked (18)

Algebraic specification of computer viruses and their environments
Algebraic specification of computer viruses and their environmentsAlgebraic specification of computer viruses and their environments
Algebraic specification of computer viruses and their environments
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus security
 
A web based network worm simulator
A web based network worm simulatorA web based network worm simulator
A web based network worm simulator
 
A network worm vaccine architecture
A network worm vaccine architectureA network worm vaccine architecture
A network worm vaccine architecture
 
00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)
 
Artista a network for ar tifical immune sys tems
Artista a network for ar tifical immune sys temsArtista a network for ar tifical immune sys tems
Artista a network for ar tifical immune sys tems
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internet
 
Approaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceApproaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidance
 
A sense of self for unix processes
A sense of self for unix processesA sense of self for unix processes
A sense of self for unix processes
 
Autoimmune viruses
Autoimmune virusesAutoimmune viruses
Autoimmune viruses
 
Analysis of rxbot
Analysis of rxbotAnalysis of rxbot
Analysis of rxbot
 
Automated worm fingerprinting
Automated worm fingerprintingAutomated worm fingerprinting
Automated worm fingerprinting
 
Abstraction based intrusion detection in distributed environments
Abstraction based intrusion detection in distributed environmentsAbstraction based intrusion detection in distributed environments
Abstraction based intrusion detection in distributed environments
 
A cost analysis of typical computer viruses and defenses
A cost analysis of typical computer viruses and defensesA cost analysis of typical computer viruses and defenses
A cost analysis of typical computer viruses and defenses
 
Anti forensics the rootkit connection
Anti forensics the rootkit connectionAnti forensics the rootkit connection
Anti forensics the rootkit connection
 
Are metamorphic viruses really invincible
Are metamorphic viruses really invincibleAre metamorphic viruses really invincible
Are metamorphic viruses really invincible
 
Biologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesBiologically inspired defenses against computer viruses
Biologically inspired defenses against computer viruses
 
Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...
 

Similar to An epidemic model of mobile phone virus

AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
mordechaiguri
 
Malware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale NetworksMalware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale Networks
1crore projects
 
A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation
IJECEIAES
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
iosrjce
 
A secure routing process to simultaneously defend against false report and wo...
A secure routing process to simultaneously defend against false report and wo...A secure routing process to simultaneously defend against false report and wo...
A secure routing process to simultaneously defend against false report and wo...
ieijjournal
 
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMSSPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
ijwmn
 
A computational model of computer virus propagation
A computational model of computer virus propagationA computational model of computer virus propagation
A computational model of computer virus propagation
UltraUploader
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
ijdpsjournal
 
Investigating Wireless and Internet of Things Technologies Security Threats a...
Investigating Wireless and Internet of Things Technologies Security Threats a...Investigating Wireless and Internet of Things Technologies Security Threats a...
Investigating Wireless and Internet of Things Technologies Security Threats a...
ijwmn
 
INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...
INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...
INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...
ijwmn
 

Similar to An epidemic model of mobile phone virus (20)

Malware propagation in large scale networks
Malware propagation in large scale networksMalware propagation in large scale networks
Malware propagation in large scale networks
 
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
 
A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...
A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...
A Study On Countermeasures Against Computer Virus Propagation Using An Agent-...
 
Malware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale NetworksMalware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale Networks
 
A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation A new system to detect coronavirus social distance violation
A new system to detect coronavirus social distance violation
 
P01761113118
P01761113118P01761113118
P01761113118
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
 
A secure routing process to simultaneously defend against false report and wo...
A secure routing process to simultaneously defend against false report and wo...A secure routing process to simultaneously defend against false report and wo...
A secure routing process to simultaneously defend against false report and wo...
 
L017326972
L017326972L017326972
L017326972
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
 
PhD Thesis Writing Assistance - Manuscript
PhD Thesis Writing Assistance - ManuscriptPhD Thesis Writing Assistance - Manuscript
PhD Thesis Writing Assistance - Manuscript
 
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMSSPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
 
I017134347
I017134347I017134347
I017134347
 
Modeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
Modeling and Threshold Sensitivity Analysis of Computer Virus EpidemicModeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
Modeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
 
MOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITYMOBILE PHONE SECURITY./ MOBILE SECURITY
MOBILE PHONE SECURITY./ MOBILE SECURITY
 
Third-Party Emergency Alert Systems over Cellular Text Messaging Services Pro...
Third-Party Emergency Alert Systems over Cellular Text Messaging Services Pro...Third-Party Emergency Alert Systems over Cellular Text Messaging Services Pro...
Third-Party Emergency Alert Systems over Cellular Text Messaging Services Pro...
 
A computational model of computer virus propagation
A computational model of computer virus propagationA computational model of computer virus propagation
A computational model of computer virus propagation
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
 
Investigating Wireless and Internet of Things Technologies Security Threats a...
Investigating Wireless and Internet of Things Technologies Security Threats a...Investigating Wireless and Internet of Things Technologies Security Threats a...
Investigating Wireless and Internet of Things Technologies Security Threats a...
 
INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...
INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...
INVESTIGATING WIRELESS AND INTERNET OF THINGSTECHNOLOGIES SECURITY THREATS AN...
 

More from UltraUploader

01 le 10 regole dell'hacking
01 le 10 regole dell'hacking01 le 10 regole dell'hacking
01 le 10 regole dell'hacking
UltraUploader
 
[E book ita] php manual
[E book ita] php manual[E book ita] php manual
[E book ita] php manual
UltraUploader
 
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
UltraUploader
 
[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale
UltraUploader
 
(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)
UltraUploader
 
(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)
UltraUploader
 
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
UltraUploader
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitor
UltraUploader
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applications
UltraUploader
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worries
UltraUploader
 
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
UltraUploader
 
Bird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyBird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassembly
UltraUploader
 
Biological versus computer viruses
Biological versus computer virusesBiological versus computer viruses
Biological versus computer viruses
UltraUploader
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virology
UltraUploader
 
Biological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksBiological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networks
UltraUploader
 
Binary obfuscation using signals
Binary obfuscation using signalsBinary obfuscation using signals
Binary obfuscation using signals
UltraUploader
 

More from UltraUploader (20)

1 (1)
1 (1)1 (1)
1 (1)
 
01 intro
01 intro01 intro
01 intro
 
01 le 10 regole dell'hacking
01 le 10 regole dell'hacking01 le 10 regole dell'hacking
01 le 10 regole dell'hacking
 
[E book ita] php manual
[E book ita] php manual[E book ita] php manual
[E book ita] php manual
 
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
 
[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale
 
(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)
 
(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)
 
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitor
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applications
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worries
 
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
 
Blast off!
Blast off!Blast off!
Blast off!
 
Bird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyBird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassembly
 
Biological versus computer viruses
Biological versus computer virusesBiological versus computer viruses
Biological versus computer viruses
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virology
 
Biological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksBiological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networks
 
Binary obfuscation using signals
Binary obfuscation using signalsBinary obfuscation using signals
Binary obfuscation using signals
 
Becoming positive
Becoming positiveBecoming positive
Becoming positive
 

An epidemic model of mobile phone virus

  • 1. 1 An Epidemic Model of Mobile Phone Virus Hui Zheng1 , Dong Li2 , Zhuo Gao3 1 Network Research Center, Tsinghua University, P. R. China zh@tsinghua.edu.cn 2 School of Computer Science and Technology, Huazhong University of Science and Technology, P. R. China lidong@hust.edu.cn 3 Department of Physics, Beijing Nomarl University, P. R. China zhuogao@bnu.edu.cn Abstract Considering the characteristics of mobile network, we import three important parameters: distribution density of mobile phone, coverage radius of Bluetooth signal and moving velocity of mobile phone to build an epidemic model of mobile phone virus which is different from the epidemic model of computer worm. Then analyzing different properties of this model with the change of parameters; discussing the epidemic threshold of mobile phone virus; presenting suggestions of quarantining the spreading of mobile phone virus. Keywords: Mobile Phone Virus, Epidemic Model, Security of Wireless Network, Bluetooth, Smart Phone. 1. Introduction The first computer virus that attacks mobile phone is VBS. Timofonica which was found on May 30, 2000 [1]. This virus spreads through PCs, but it can use the message service of moviestar.net to send out rubbish short messages to its subscriber. It is propagandized as mobile phone virus by the media, but in fact it’s only a kind of computer virus and can’t spread through mobile phone which is the only attacked object. Cabir Cell Phone Worm which was found on June 14, 2000 is really a mobile phone virus [2]. It spreads from one cell phone to another by Bluetooth. Now it is found in more than 20 countries and has more than 7 variants. Cabir has the characteristic of initiative spreading and this pattern will be mostly adopted by “mobile phone virus” in the future. Table 1 lists the comparison between configuration of smart phone and computer. This table presents the most advanced desk-top computer configuration in 1998 and 1999. Generally, it takes 2 to 3 years for computer with the most advanced configuration to become popular. That is to say, when the Code Red Worm broke out in 2001, common hardware of computers in Internet was as same as the configuration in table 1. With the comparison in table 1, we can see that smart phone presently has already possessed hardware condition for computer virus spreading. Table 1. Hardware comparing between smart phone and desk-top personal computer Hardware 2005(dop od 828) 1998 PC 1999 PC CPU Intel 416MHz PentiumⅡ 333MHz Pentium III 450MHz[3] Memory 128M 32M 64M Hard Disk 2G~8G 2G 6G The development and popularization of smart phone are both very fast. According to the statistics of ARC, in 2004 the sum of smart phone is 27,000,000, accounting for 3% of the global amount of mobile phones. IDC estimates that the sum of smart phone will reach up to 130,000,000 by 2008 and account for 15% of the global amount of mobile phones [4]. So we should pay much attention to the security of smart phone. In this paper, “smart phone” is one smart mobile terminal device with the integrated ability of data transmission, processing and communication; “mobile phone virus” is a malicious code that can spread through all kinds of smart mobile terminal devices. As to the security research, though we can refer to the security research results in MANETs (Mobile Ad Hoc Networks), MANETs and Sensor network emphasize that resource is finite and all the problems about application and security should be restricted to this precondition [12]. Smart mobile terminal device emphasizes that resource is abundant, even possess the same computing ability as desk-top personal computer. So for these two security problems, the starting points of research are different. Recently, paper [5] demonstrates that traditional epidemic model of computer virus can’t be applied to virus spreading in
  • 2. 2 mobile environment and the epidemic model when the mobile phone moves with variable velocity is also discussed. But in a small area, uniform motion accords with the sport law of human being preferably. What’s more, some important parameters such as distribution density and signal coverage radius are not imported to the model. Paper [6] compares to the required condition of virus spreading in computer and gives the corresponding required condition of virus spreading in MANETs by simulation. This paper first discusses several spreading modes of mobile phone virus; The second section builds the epidemic model of mobile phone virus which imports 3 parameters: moving velocity, signal coverage radius and distribution density; The third section analyses some relevant characteristics of this model; the fourth section compares the epidemic model of mobile phone virus with the epidemic model of Internet worm and discusses the threshold of mobile phone virus breaking out. At last, we make some discussions. 2. The spreading way of mobile phone virus Though paper [7~8] presents many examples of “mobile phone virus”, many of them are not able to spread, so they are not real mobile phone virus. According to analysis of all kinds of epidemic malicious codes which have been found, such as Cabir [2], Commwarrior [9], Brador [10], Skull [11] etc, we can define mobile phone virus: it is a piece of data or program that spreads among smart mobile terminal devices by the communication interfaces and can influence the usage of handset or leak out sensitive data. Through the analysis of spreading way, we can conclude table 2: Table 2. Spreading way of mobile phone virus Wireless spreading channel Spreading distance Spreading direction Way of discovering neighbor nodes Relay (Yes or No) GPRS/CDMA 1XRTT 1000m Non-directional Appointed Yes Wi-Fi(802.11) 100m Non-directional Appointed Yes Bluetooth 10m Non-directional Automatic No IrDA 1m Directional Automatic No For the mobile phone virus that can spread by MMS and E-mail, it can transmit data by GPRS and Wi-Fi; for the mobile phone virus that spread by electronic file, it can transmit data by Bluetooth and IrDA. Although there are four wireless transmission ways, some need relay nodes or directional angle, so Bluetooth is the best choice for virus writer. In this model, we mainly consider those mobile phone viruses that spread through Bluetooth. For other ways of transmission, we will build the model in other papers. 3. The epidemic model of mobile phone propagating Supposing mobile phone has two statuses: Susceptible and infected. The infected will come back to susceptible with certain probability. In table 3, we define some symbols: Table 3. Symbol definition Symbol Instructions Ω moving space of mobile phone (2-dimmension) ρ distribution density of mobile phone (uniform distribution) v moving velocity of mobile phone (uniform velocity) r coverage radius of Bluetooth signal I The number of virus in mobile phone at time t β epidemic rate of mobile phone virus propagating δ resuming rate of the infected Then we can build the epidemic model of mobile phone virus: I I vrrI dt dI ⋅−⋅ ⋅Ω −⋅Ω ⋅−⋅⋅⋅+⋅⋅= δβ ρ ρ ρπ )1)2(( 2 Suppose: δβρβπ −−+= )2( 2 rvra , ρ βρβπ Ω −+ = )2( 2 rvr b , Then the differential equation is: 2 bIaI dt dI −= , The solution is: cat cat be ae I + + + = 1 , For )( 0tI , the initial value of c is a constant. We can conclude from the solution: if 0<a ,then 0→I , and if 0>a , then b a I → . 4. Analysis of model properties The changes of model properties with changes of different parameters are researched. Table 4 presents the range of parameters.
  • 3. 3 Table 4. The range of parameters Symbol Instruction Range Ω moving space of mobile phone (2-dimmension) 1000m * 1000m ρ distribution density of mobile phone (uniform distribution) 0.001~0.1/m2 v moving velocity of mobile phone (uniform velocity) 2m/s r coverage radius of Bluetooth signal 10m β epidemic rate of mobile phone virus 0.75 δ resuming rate of infected 0.025 0I The number of initial infected mobile phones 5 4.1. Influence of distribution density to virus spreading The connotative subject condition of equation is )2( 1 2 vrr ⋅⋅+⋅ > π ρ , mobile phone virus is able to spread when this condition is satisfied. Figure 1 shows the relationship between distribution density and infection percentage. When the subject condition is not satisfied, infection percentage is 0; when the subject condition is satisfied, the infection percentage is very sensitive to the change of distribution density, the small change of distribution density can lead to great improvement proportion of the infected. Relationship of distribution density and infection percentage 0 0.2 0.4 0.6 0.8 1 0.001 0.008 0.015 0.022 0.029 0.036 0.043 0.050 distribution density(number of mobile phone in one unit area) infection percentage Figure 1. Relationship of distribution density and infection percentage Figure 2 is the relationship between distribution density and spreading time. It shows the influence of distribution density to moving velocity. Mobile phone virus can’t spread when distribution density is small. Spreading time that the infection of mobile phone virus gets to equilibrium reflects the spreading velocity of virus. From these we can see that spreading velocity is very sensitive to the change of distribution density. Relationship between ditribution density and spreading time 0 500 1000 1500 2000 0.0029 0.0036 0.0043 0.0050 0.0057 0.0064 distribution density spreadingtime Figure 2. Relationship between distribution density and spreading time 4.2. Influence of coverage radius to virus spreading Considering the range of coverage radius of Bluetooth signal r varies from 5m to 15m. Distribution density of mobile phone is 0.005. Figure 3 is the relationship of coverage radius and percentage of the infected, which presents the influence of coverage radius to virus spreading. From these we can see that mobile phone virus can’t spread when coverage radius is very small. If it spreads, the infection percentage will change with coverage radius. Ralationship between coverage radius and infection percentage 0 0.2 0.4 0.6 0.8 1 5.0 6.0 7.0 8.0 9.0 10.0 11.0 12.0 13.0 14.0 15.0 coverage radius infection percentage Figure 3. Relationship between coverage radius and infection percentage Figure 4 is the relationship between coverage radius and spreading time, it presents the influence of coverage radius to spreading velocity. Virus can’t spread when coverage radius is very small. Spreading velocity is very sensitive to the changes of coverage radius.
  • 4. 4 Ralationship between coverage radius and spreading time 0 200 400 600 800 1000 5.0 6.0 7.0 8.0 9.0 10.0 11.0 12.0 13.0 14.0 15.0 coverage radius spreadingtime Density=0.005 Figure 4. Ralationship between coverage radius and spreading time 4.3. Influence of moving velocity to virus spreading Assuming distribution density of mobile phone is 0.0035, the range of moving velocity is 1m/s~30m/s, figure 5 is the relationship between moving velocity and infection percentage, it presents the influence of moving velocity to the spreading of mobile phone virus. For the small distribution density of mobile phone and typical coverage radius, speeding the moving velocity can result in the spreading of the virus which can’t spread before. Ralationship between moving velocity and infenction percentage 0 0.2 0.4 0.6 0.8 1 1.0 6.0 11.0 16.0 21.0 26.0 moving velocity infection percentage Density=0.0035 Figure 5. Relationship between moving velocity and infection percentage Figure 6 is the relationship between moving velocity and spreading time. It presents the influence of moving velocity to spreading velocity. From this figure we can see that increasing of moving velocity can speed up the spreading of virus. Relationship between moving velocity and spreading time 0 500 1000 1500 2000 2500 1.0 5.5 10.0 14.5 19.0 23.5 28.0 moving velocity spreadingtime Density=0.0035 Figure 6. Relationship between moving velocity and spreading time The time that virus file transfers from one mobile phone to another is fT , the discussion above supposes that the moving of mobile phone has no influence to virus spreading. If we take into account the influence of moving velocity of mobile phone, we can add one subject condition: fT r v < . When this condition is satisfied, virus can spread. When this condition is not satisfied, that is to say, mobile phone moves too fast, then the time that virus stay in the coverage area of signal is too short, virus can’t spread. 5. Results of comparison with epidemic models of worm The corresponding epidemic model of worm in computer network can be expressed as [13]: III dt dI ⋅−⋅−⋅Ω⋅= δβρ )( In computer network, ρ⋅Ω is the sum of computer and it is a fixed value in short time. The threshold of its spreading is: ρ β δ ⋅Ω< . If this condition is satisfied, worm can spread. This condition can be satisfied easily. Different from the spreading threshold of computer virus, the spreading threshold of mobile phone virus is subject to coverage radius of wireless signal, moving velocity and distribution density. According to the stabilized solution of differential equation, we can see: if 0<a , then 0→I ; for δβρβπ −−+= )2( 2 rvra , we can get a new threshold: 1)2( 2 −⋅⋅+⋅< ρπ β δ vrr . When this condition is satisfied, virus will break out; if this condition is not satisfied, virus can’t break out.
  • 5. 5 From these we can see: the condition that mobile phone virus breaks out is much more rigorous than worm in computer network. So the probability of that mobile phone virus breaks out in large area is very small, but it is possible in local area. 6. Conclusions Because of the mobility, mobile phone has some relevant characteristics: moving velocity, moving scope etc, which make the epidemic model of mobile phone virus very different from the model of computer virus and worm. We can make use of stochastic mobile model (such as Random Waypoint model, Random Direction model [14]) to build spreading model of mobile phone virus. But these stochastic models have some limitations and can’t accord with the fact preferably. For simplification of this problem, we build this model with uniform motion. Through the analysis of this model, we can conclude some measures of quarantining mobile phone virus: reducing coverage radius, such as reducing signal power, or interfering signal etc; decreasing moving velocity, such as restricting the flowage of person; lessening distribution density of mobile phone, such as controlling the moving area of someone with mobile phone; these measures have distinct differences with the usual ways of quarantining mobile phone virus spreading. Acknowledgement This work is supported in part by National Science Foundation of China under contract 60203004; by High-Tech Program (863) of China under contract 2003AA142080. Points of view in this document are those of the authors and do not necessarily represent the official position of Tsinghua University, Huazhong University of Science and Technology, or Beijing Nomarl University. References [1] Symantec. VBS.Timofonica. http://www.symantec.com/avcenter/venc/data/vbs.timofonica. html [2] Symantec. SymbOS.Cabir. http://securityresponse.symantec.com/avcenter/venc/data/sym bos.cabir.html [3] History of Computer Development. http://www.net130.com/2004/5-28/20344-4.html. (in Chinese) [4] Neal Leavitt. Mobile Phones, The Next Frontier for Hackers. IEEE Computer, 38(4): 20-23, 2005. [5] James W. Mickens, Brian D. Noble. Modeling Epidemic Spreading in Mobile Environments. WiSE’05, September 2nd , 2005, Cologne, Germany. [6] Robert G. Cole, Nam Phamdo, Moheeb A. Rajab, Andreas Terzis. Requirements on Worm Mitigation Technologies in MANETs. Proceedings of the Workshop on Principles of Advanced and Distributed Simulation (PADS’05). [7] Shi-an Wang. Principle and Defense of Mobile Phone Virus. Journal of Dal ian Institute of Light Industry, 23(1): 74- 76, 2004. (in Chinese) [8] Kai Li, Hao Chen. Virus Threats to GSM Mobile Phones. China Information Security, 7:226-228, 2005. (in Chinese) [9] Mikko Hypponen, Jarno Niemela. F-Secure Virus Descriptions Commwarrior. A. March 7th , 2005.http://www.f- secure.com/v-descs/commwarrior.shtml [10] Viruslist-Backdoor. WinCE.Brador, a Viruslist. Aug 5th , 2004. http://www.viruslist. com/en/viruslist.html?id=1984055 [11] Dan Ilet and Matt Hines. Skulls program carries Cabir worm into phones. Techrepublic. Nov 30th , 2004. http://techrepublic.com /5100-22_11-5471004.html [12] Sang ho Kim, Choon Seong Leem. Security Threats and Their Countermeasures of Mobile Portable Computing Devices in Ubiquitous Computing Environments. ICCSA 2005, LNCS 3483, pp. 79 – 85, 2005. [13] J. Kephart and S. White. Directed-graph epidemiological models of computer viruses. In Proceedings of the IEEE Computer Symposium on Research in Security and Privacy, pages 343–359, May 1991. [14] Bettstetter, H. Hartenstein, and X. Perez-Costa. Stochastic Properties of the Random Waypoint Mobility Model. ACM/ Kluwer Wireless Networks, 10(5):555–567, September 2004.