Muhammad Adeel

Analysis of Mobile P2P Malware Detection Framework through Cabir & Commwarrior Families

Mobile Peer-to-Peer (P2P) malware has emerged as one of the major challenges in mobile network security in recent years. Around four hundred mobile viruses, worms, trojans and spy ware, together with approximately one thousand of their variants have been discovered to-date. So far no classification of such mobile P2P security threats exists. There is no well known simulation environment to model mobile P2P network characteristics and provide a platform for the analysis of the propagation of different types of mobile malware. Therefore, our research provides a classification of mobile malware based on the behaviour of a node during infection and develops a platform to analyse malware propagation. It proposes and evaluates a novel behaviour-based approach, using AI, for the detection of various malware families. Unlike existing approaches, our approach focuses on identifying and classifying malware families rather than detecting individual malware and their variants. Adaptive detection of currently known and previously unknown mobile malware on designated mobile nodes through a deployed detection framework aided by AI classifiers enables successful detection. Although we have classified around 30% of the existing mobile P2P malware into 13 distinct malware families based on their behaviour during infection, this paper focuses on two, Cabir & Commwarrior, in order to analyse the proposed detection framework.

Propagation Analysis of Malware Families in Mobile P2P Networks

Viral propagation modelling acts as sandbox for testing intensity of malware, understand patterns adopted for malware propagation and consequently help device strategies for malware detection. Success of P2P networks has encouraged mobile vendors to offer P2P services on mobile networks. Handheld mobile devices though constrained in memory, power and processing resources are capable of using communication technologies like Bluetooth, MMS, SMS, Infrared and WLAN services. Such versatility has however exposed mobile devices to threats like mobile P2P malware. With the number of mobile phone malware escalating to an alarming figure of more than one thousand, it has become ever more important to analyze the affects of propagation of such malware in the wild that could subsequently act as the baseline for protection against such malware. This paper initially presents propagation analysis of generic mobile P2P malware categories and then provides a detailed analysis of propagation of real-world malware from three malware families accommodating around 100 well known mobile P2P malware. Paper is aimed at providing a much needed insight into propagation characteristics of mobile P2P malware like their propagation speed and battery depletion affect.

Overhead analysis of security implementation using IPSec

Authentication, access Control, encryption and auditing make up the essential elements of network security. Researchers have dedicated a large amount of efforts to implement security features that fully incorporate the use of all these elements. Currently, data networks mainly provide authentication and confidentiality services. Confidentiality alone is not able to protect the system, thus, suitable security measures must be taken. However, this security is itself an overhead which must be accounted for. A trade-off must exist between performance and security. This trade-off must be carefully managed so as not to deteriorate the systems being secured. This calls for the true cost of security to be accurately measured. This research work measures the overheads involved in implementation of security using IPSec in different wired/wireless data network protocols.

A Distributed Framework for Passive Worm Detection and Throttling in P2P Networks

We analyse different worm and patch propagation models along with the ones we have developed and evaluated as a part of our ongoing passive P2P worm & patch modelling project. This is followed by a brief discussion on worm detection mechanisms proposed by various authors. Towards the very end of this article, we propose a distributed framework for passive worm throttling in P2P networks and discuss its feasibility and efficiency keeping in view different design considerations.

LOC algorithm: location-aware opportunistic forwarding by using node’s approximate location

Purpose – This paper aims to propose an algorithm, location-aware opportunistic content forwarding (LOC), to improve message directivity using direction vectors in opportunistic networks. The LOC is based on the assumption that if approximate location of the destination node is known, then overall message delivery and cost can be improved. Efficient message delivery with low communication cost is a major challenge in current opportunistic networks. In these networks, nodes do not have prior knowledge of their recipients, and message forwarding can be achieved by selecting suitable forwarder based on some forwarding criteria, as compared to its ancestor mobile ad hoc networks. Design/methodology/approach – In this paper, the authors tested LOC in two sets of mobility models, synthetic movement model and real mobility data sets. In the first set, working day movement is used as synthetic movement model, where proposed algorithm is compared against Lobby Influence (LI) and Epidemic algorithms. In the second set of experiments, the new algorithm is tested in three mobility data sets, namely, Cambridge, Reality and Sassy, and results compared against LI algorithm. The reason of using various movement models is to establish strengths and weaknesses of the proposed algorithm in different scenarios. Findings – The experimental results show that the new algorithm performed extremely well in different scenarios, not only in terms of overall message delivery but also successfully managed to reduce the communication cost. Originality/value – The new contribution increases the overall energy and storage efficiency of nodes by targeting relevant forwarding nodes in the network.

Recognising indoor/outdoor activities of low entropy people using Bluetooth proximity and object usage data

– Recognizing daily life activities and human behaviour from contextual information is a challenging task. The purpose of the research work in this paper is to develop a system that can detect indoor and outdoor daily life activities of low entropy mobile people such as elderly people and patients with regular routines using non-intrusive sensor and contextual information. , – A framework is proposed that utilises a hierarchical approach in which high-level activities are divided into sub-activities and tasks and recognises the high-level outdoor and indoor activities of daily life. Tasks are recognised at lower level from sensor data and then used by the “activity recogniser” at higher level to recognise the high-level activities. For outdoor activities recognition, wireless proximity data are used, whereas for indoor activities, object usage data obtained through radio frequency identification sensors are used. , – For outdoor tasks, results have shown 100 per cent recognition for experiment 1 and a decrease in recognition from 100 to 82.7 per cent, respectively, for experiment 2-9 due to increase in the entropy of individual tasks. Outdoor activity recognition ranges from 84.1 to 100 per cent. For indoor tasks, generating alternative tasks sequences approach effectively recognised the single tasks that were conducted with objects without any order. Average indoor activity recognition rate remains above 90 per cent. The reason why this approach is able to detect the activities without their distinct features is the planning capability of the Asbru that is used in the modelling of high-level activities. , – The novelty of this research work is a framework that utilises different types of sensor data and recognises both indoor and outdoor daily life activities of individuals.

LOC: Location-aware opportunistic content forwarding using direction vectors

In opportunistic networks, nodes do not have prior knowledge of the routes to their intended destinations. The major challenge is to keep the communication cost minimum during the transfer of information towards intended destinations. An improvement can be realised if nodes are aware of their current position in the network through some technological means such as GPS, GSM or WLAN access points. With the knowledge of nodes position in the network, high message directivity can be achieved by using simple concepts of direction vectors. Based on this observation, this paper presents a new algorithm named as Location-aware opportunistic content forwarding (LOC), which is compared against two other algorithms previously proposed. The experimental results have shown that the new algorithm performed extremely well, not only in terms of overall message delivery ratio but also successfully manages to reduce the communication cost with minimum delay.

Identifier based key distribution protocol for Wireless Sensor Networks

Wireless Sensor Networks are being widely deployed for their inimitable characteristics. Besides benefiting through the features of scalability and coverage, these networks are prone to many security threats including Denial of Service (DoS) attacks. There are many aspects of security in sensor networks but our work focuses on key distribution and sharing protocols. We conduct a critical study of different key distribution & sharing protocols and analyze them for the possibilities of DoS attacks. We also propose Identifier Based Key Distribution Protocol that provides the solution for varied Battery Exhaustion Attacks in these protocols.