Recent Advances in Information SecurityView this Special Issue
Modeling the Propagation of Mobile Phone Virus under Complex Network
Mobile phone virus is a rogue program written to propagate from one phone to another, which can take control of a mobile device by exploiting its vulnerabilities. In this paper the propagation model of mobile phone virus is tackled to understand how particular factors can affect its propagation and design effective containment strategies to suppress mobile phone virus. Two different propagation models of mobile phone viruses under the complex network are proposed in this paper. One is intended to describe the propagation of user-tricking virus, and the other is to describe the propagation of the vulnerability-exploiting virus. Based on the traditional epidemic models, the characteristics of mobile phone viruses and the network topology structure are incorporated into our models. A detailed analysis is conducted to analyze the propagation models. Through analysis, the stable infection-free equilibrium point and the stability condition are derived. Finally, considering the network topology, the numerical and simulation experiments are carried out. Results indicate that both models are correct and suitable for describing the spread of two different mobile phone viruses, respectively.
More and more rogue programs called mobile phone virus, which can take control of a mobile device by exploiting its vulnerabilities, can be written to propagate from one phone to another. Security issues of mobile phones have become increasingly prominent. Though attacks from the mobile phone virus have not caused greater damage up to now, it is just a matter of time before it breaks out . The large population of mobile users and the wide coverage of mobile communication network  create a breeding ground for the propagation of mobile phone virus. The propagation of mobile phone virus may be more potentially destructive than the computer virus. In this regard, mobile phone virus encounters a similar situation of Internet worms, so it is necessary to research the propagation behavior of mobile phone virus in the real world and design effective containment strategies to suppress them.
The usual ways for mobile phone virus to propagate include multimedia messaging service (MMS)  interface and e-mail services on that mobile phone. MMS messages are intended to contain media content such as photos, audios, and videos, but they can also contain infected malicious codes . One noteworthy example is Commwarrior , which is the first mobile phone virus that can propagate via MMS. It searches for phone number through a user’s local address book and sends MMS messages containing infected files to other users in the address book. It is an easy way for mobile phone virus to carry out because people are more likely to open and download the contents that they received from their friends. So the mobile phone virus could be sent out in just one click and travel to any mobiles all over the world with a larger chance of success in propagation .
The mobile phone virus is in the time of high-speed development. In the present, it only reproduces and propagates by tricking mobile phone users, called user-tricking virus, but does not spread automatically. According to the development rules of the computer virus, the future trend of the mobile phone virus is that it can propagate by exploiting vulnerabilities existing in mobile phone operating systems or application software. That is, the propagation of such mobile phone virus called vulnerability-exploiting virus can be realized by itself without human participants.
The possible path through which mobile phone virus spreads depends on the social relationship of a user by exploiting the local address book or recent call records. Communications based on social network provide the environment for the spread of the mobile phone virus. And the social network will greatly influence the spread of the mobile phone virus. Recently some researchers have studied the structures of social network topologies [6–8]. They found that all of these networks are complex network and they have power-law degree distributions. Existing work on studying mobile phone virus [9, 10] does not take into account the capability of mobile phone virus to spread under complex network. Consequently this paper focuses on researching the behavior of the user-tricking virus in the present and the vulnerability-exploiting virus in the future combining the topology of the complex network.
Many particular factors can affect the propagation of mobile phone virus and its behavior is very complicated depending on the social relationship of mobile phone users. So an extremely fundamental and effective way to study the mobile phone virus is using the epidemiological models. Epidemiological models are the usual method used to understand and predict the propagation of Internet worms by many researchers [11–20].
The mobile phone virus has some commons with the Internet worms. As the behavior of mobile phone virus is more complex than that of Internet worms, it is necessary to construct a new model for virus propagation. Due to the characteristic of exponential propagation exhibited by mobile phone virus through complex network, it is challenging to model the user-tricking and vulnerability-exploiting mobile phone virus.
Through above observations, this paper models the propagation of mobile phone virus considering the characteristics of mobile phone viruses and the network topology structure. The contributions of this paper are as follows.(i)Two different propagation models of mobile phone viruses under the complex network are proposed in this paper. One is intended to describe the propagation of user-tricking virus, and the other is to describe the propagation of the vulnerability-exploiting virus.(ii)A detailed analysis is conducted to analyze the propagation models. Through analysis, the stable infection-free equilibrium point and the stability condition are derived.(iii)Considering the network topology, the numerical and simulation experiments are carried out. Results indicate that both models are correct and suitable for describing the spread of two different mobile phone viruses, respectively.
The rest of this paper is organized as follows. Section 2 presents related work about modeling the mobile phone virus. Section 3 conducts and analyzes the mobile phone virus SIS propagation model (M-SIS) and obtains the stability condition and the infection-free equilibrium point. Section 4 proposes the propagation model of vulnerability-exploiting mobile phone virus, which is called the mobile phone virus SIR propagation model (M-SIR). Section 5 describes the constructing process of complex network which is used to simulate the spread of the mobile phone virus. Section 6 concludes the paper and provides future research directions.
2. Related Work
Mobile phone users communicate and share files with their friends and they also take part in some activities or join groups online . These characteristics give hackers the opportunities to attack mobile users. As a result, the mobile phone virus can spread quickly. More and more researchers pay attention to the area of mobile phone virus. But the research on the mobile phone virus is just in the beginning stage. Fundamental research works on it have been gradually carried out in order to raise the security awareness among users.
Leavitt lists some mobile phone viruses, such as Cabir, Skulls, and Mosquito and points out increasing virus attacks to mobile phones . But he deems that a method always can be found to cope with the security issue caused by the mobile phone virus. Dwan takes the mobile phone virus “Cabir” as an example to emphasize the lack of security mechanism and expects to take certain security measures from both mobile phones’ software and hardware . Jamaluddin et al. state the damage of the mobile phone virus and predict that the mobile phone virus will develop along the path of the computer virus and cause serious security problems . Dagon et al. describe the security threat with which mobile users are faced and propose several security advices to mobile users .
With the popularity of Android platform based mobile phones, more and more attention is paid to the protection of mobile phones. Zhang et al. propose a browser-free multilevel smart phone privacy protection system by means of short message system . Based on the specific network of short message, Jin et al. proposed an epidemic model of mobile phone virus based on the efficiency of immunization to reveal the spreading rule of mobile phone virus .
Based on the similarity between a malicious worm and a biological virus, some epidemic models representing worm propagation were presented to depict the propagation of worms, for example, SIS model (susceptible-infectious-susceptible) and SIR model (susceptible-infectious-recovered) . Yao et al. research the worm propagation model by considering the time delay . They found that time delay may lead to Hopf bifurcation phenomenon which will make the worm propagation system unstable and uncontrollable.
Propagation models and the stability of mobile phone virus become an attractive research field in recent years since it facilitates worm prediction, detection, analysis and prevention, and so forth. There have been some models to simulate the mobile phone virus propagation.
Wang et al. modeled the mobility of mobile phone users in order to study the fundamental spreading patterns that characterize a mobile virus outbreak . Their results explain the lack of a major mobile virus breakout so far and predict that once a mobile operating system’s market share reaches the phase transition point, viruses will pose a serious threat to mobile communications. Zheng et al. analyze the communication of Bluetooth between mobile users and put forward a propagation model of the mobile phone virus which spreads through Bluetooth technique . Xuetao et al. propose and evaluate a SI1I2S, a competition model that describes the spread of two mutually exclusive mobile viruses across heterogeneous composite networks .
Existing propagation models of mobile phone virus focus on the specific kind of virus. This kind of virus spreads using Bluetooth or short message, which is completely different from the virus spreading using MMS.
Mobile phone virus that spreads using MMS typically exploits the social network of users to propagate from one mobile device to another. So the topology of network is a key factor for this kind of mobile virus using MMS to propagation. As far as I know no one has studied the propagation model of this kind virus. So considering the characteristics of mobile phone virus and the social network relationship, two different propagation models of mobile phone viruses under the complex network are proposed in this paper to understand how particular factors can affect their propagation and design effective containment strategies to suppress mobile phone virus.
3. Modeling the Propagation of the User-Tricking Mobile Phone Virus
3.1. M-SIS Model
The user-tricking virus only reproduces and propagates by tricking when mobile phone users are in just one click. In this regard, the following assumption is made that the propagation path of a mobile virus can be approximated by the social network of mobile devices. Given that a user A has a higher probability to open and download a message from B with whom he periodically exchanges messages, the pair of users, A-B, would be considered more vulnerable. In contrast, if user A does not exchange messages with user C, the user A is unlikely to be infected by a mobile phone virus sent by C and hence the pair of A-C is considered less likely to be included in the propagation path of the mobile virus. This kind of virus is now prevailing on current mobile phone system and is difficult to kill completely. It will mislead users to install and then execute a norm application. Even if it removed, it can do the same thing with another guise again.
An undirected graph consisting of a set of vertices and a set of edges is used to denote mobile phone communication system. Each vertex denotes a mobile in the cellular network and each edge denotes that at least one traffic flow was exchanged between mobiles and . Let denote the degree of any vertex . According to the spread property of user-tricking mobile phone virus, the epidemic states of a mobile are divided as follows: susceptible state () and infectious state ().
Susceptible state (): nodes have not been infected by any user-tricking virus but are prone to infection.
Infectious state (): nodes have been infected by user-tricking virus and they may infect some mobiles in state S.
Mobile users who have larger groups of friends in social network tend to appear in the contact list of many others . Different nodes with different vertex’s degree have different behavior to the spread of mobile phone virus. So it is necessary to study the propagation process of mobile nodes with different node’s degree.
According to the nodes’ degrees, these vertices in the undirected graph are classified into kinds of nodes. The nodes with the same degree belong to a class. Let denote the number of the th kinds of nodes while the value of ranges from 1 to . It is assumed that there are totally mobiles deployed in the communication network. So the sum of kinds of mobiles is expressed as follows:
Let represent the number of the th kinds of mobiles in the susceptible state at time. is defined as the number of the th kinds of mobiles in the infected state at time. So the number of the th kinds of mobiles can be obtained as follows:
In the social network, a mobile can leave or join the network randomly. So the “death” of a mobile is defined to refer to the fact that a phone drops out of the network for certain reason, such as breakdown. The “birth” means that the network adds a new mobile. But it is assumed that the system is a closed system and the number of “dead” rates of mobile is the same as that of the “birth” one.
The propagation modeling of user-tricking mobile phone virus under complex network called M-SIS model is proposed, which means mobile phone virus SIS (susceptible-infectious-susceptible) propagation model. In the M-SIS model, M represents mobile phone, and stands for the susceptible state while stands for the infectious state. The state transforming process of any kind of mobiles in M-SIS model is illustrated in Figure 1.
A node may change its states as follows.
Node of any kind can transit to the infectious state if it is at the susceptible state. The infection probability, also called contact infection rate, is presented by .
A mobile is not permanently immune against the virus and has a risk of reinfection. So a mobile at the infectious state can kill the virus and recover to the susceptible state. The infection recovery rate is presented by .
To maintain the balance of the network system, the “death” rate and the “birth” rate are all . The “new born” mobiles are all in the susceptible state.
The description of related parameters in M-SIS model is showed in Table 1.
Based on the above analysis and compartment model of th kind presented in Figure 1, given a topology of a mobile communication network, the number of susceptible and infected nodes of the th kind at time in the M-SIS model can be formulated by the equations as follows:
In (3), is the degree of the th kind of mobile phone nodes, where . is the infected probability that any of neighbor nodes of one mobile phone node and the expression of are as
In (4), means the average degree of nodes in the network, which can be expressed as where is the probability density of nodes with the degree . So the differential equations of the M-SIS model can be concluded as the following equation:
3.2. Infection-Free Equilibrium Point
The infection-free equilibrium refers to the fact that the mobile virus gets removed and the number of infected mobiles remains 0. To derive the infection-free equilibrium point, let both and be equal to 0, and the following expression is obtained as
When , and can be calculated as follows, where :
The number of the th kinds of mobile phones in the susceptible state is , while that of the th kinds of mobile phones in the infectious state is 0. The infection-free equilibrium point of the mobile phone virus propagation system under the M-SIS model is thus .
3.3. Stability of the Infection-Free Equilibrium
Though the user-tricking virus is difficult to completely kill and mobiles are not permanently immune, it is ensured that the number of infected mobiles can dynamically remain 0. It means that the infection-free equilibrium can be achieved. Its stability for the propagation system of the mobile phone virus will be discussed.
Theorem 1. If the basic reproduction number , the propagation system under the M-SIS model of mobile phone virus will stabilize at the infection-free equilibrium point:
Proof. Let and put it into (3); the following equation can be obtained:
Two equations from (10) are given the partial derivative with the aspects of and then set . dimensional matrix is obtained, where , :
Similarly, when , we take the derivative of formula (3) with the aspects of and then set . With matrix (11), a dimensional matrix is obtained:
According to , eigen values of matrix (12) are all equal to . Lines or columns including any of these eigen values are removed, and a dimensional matrix is obtained:
A series of transformations for matrix (13) are performed, and then the following matrix is given:
Obviously, the matrix (14) has an upper triangular one, and its characteristic equation is as follows:
From (15), the characteristic values are obtained:
According to Routh-Hurwitz criterion, if and only if all of characteristic values are less than zero, the propagation system will eventually be stable at the equilibrium point . Obviously, are negative and the stability relies on . If is less than 0, the equilibrium will be achieved. By transformation, the stability condition is derived as
The proof is complete.
Corollary 2. When the degree of a mobile node grows, the basic reproduction number gets increased, which means that it increases difficulty in realizing the stability for the propagation system of the mobile phone virus.
Proof. Equation (17) can be converted into the following inequality:
Obviously, is a monotonic function of . When the degree of the mobile phone node is increased, will also grow. It makes (18) more difficult to be satisfied. Corollary 2 is thus drawn.
4. Modeling the Propagation of the Vulnerability-Exploiting Mobile Phone Virus
4.1. M-SIR Model
According to the development of virus, the mobile virus will eventually become a mobile worm which is called vulnerability-exploiting virus. The vulnerability-exploiting virus will automatically propagate by exploiting vulnerabilities existing in mobile phone operating systems or application software. Patching can be applied to repair vulnerabilities and then protect mobile phones from attacks. According to the spread property of vulnerability-exploiting virus, the epidemic state of a node is divided as follows: susceptible state (), infectious state (), and recovered state ().
Susceptible state (): nodes have not been infected by any user-tricking virus but are prone to infection. Infectious state (): nodes have been infected by vulnerability-exploiting virus and they may infect some nodes in state S. Recovered state (): nodes are cleaned of vulnerability-exploiting virus and immune to the same type of cleaned virus.
The propagation modeling of vulnerability-exploiting mobile phone virus under complex network called M-SIR model is proposed, which means mobile phone virus SIR (susceptible-infectious-recovered) propagation model. The state transforming process of any kind of nodes in M-SIR model is illustrated in Figure 2.
In the M-SIR model, a node in the th kind can transit to the infectious state if it is at the susceptible state. The infection probability is presented by . The infectious node can clean the virus through patching with the immune rate . Once patched, the mobile is immune to the virus permanently. The susceptible node can also be patched in advance of infection with patching rate and transits to the recovered state. To maintain the balance of the network system, the “death” rate and the “birth” rate are all . The “new born” mobiles are all in the susceptible state. But the “new born” mobiles become not only susceptible ones but also “immune” ones, because new mobiles may install new versions of software with patches. The description of related parameters in M-SIR model is shown in Table 2.
Define as the number of the th kinds of immune mobiles at time . A mobile can be in one of three states for a time, and the sum for three classes of mobiles is as
According to the above analysis and state transition graph in Figure 2, given a topology of a social network, the number of susceptible, infected, and recovered nodes of the th kind at time in the M-SIR model can be presented by
There are kinds of nodes in the network, so the differential equations of the M-SIR model can be concluded as the following equation:
4.2. Infection-Free Equilibrium Point
There are total kinds of nodes. Each kind of nodes has an infection-free equilibrium point. So the infection-free equilibrium point of the mobile phone virus propagation system under the M-SIR model is , where
4.3. Stability of the Infection-Free Equilibrium
Theorem 3. If the basic reproduction number , the mobile phone virus propagation system under the M-SIR model will stabilize at the infection-free equilibrium point:
Proof. Take the partial derivative of three equations to the right in (20) with the aspects of . With , a dimensional matrix is given:where , .
Removing the lines and columns including , a matrix of dimensional is given as follows:
The second column of the matrix (26) multiplying by is added to the first column, and then the third column multiplying by is added to the second column and so on. After that, the first row multiplying by is added to the second row, and then the second row multiplying by is added to the third row and so on. The following matrix is thus obtained:
The characteristic equation of (28) is showed as follows:
The characteristic values are as follows:
According to Routh-Hurwitz criterion, if and only if all of the characteristic values are less than zero, the propagation system will eventually be stable at the equilibrium point . By transformation of , the stability condition is obtained as
The proof is complete.
5. Constructing the Network Topology
The attacks target of the mobile virus is to infect the smart phone. The propagation path of mobile virus obeys the mobile user’s social network, which has its own characters and greatly affects the propagation of the mobile phone virus. Thus it is indispensable to construct such a network to simulate the propagation of the mobile phone virus and validate our models.
The social network which is the propagation environment of mobile virus is a typical complex network. In the real world lots of networks have been proved to be complex network such as World Wide Web and email. The complex network has the following two characteristics: the degree of a node follows the power-law distribution and the network appears as small-world phenomenon. It is hard to put the real mobile virus into the real mobile network. So network topology generator called Inet3.0 is used to create a complex network to simulate the environment of mobile virus.
Inet is a topology generator developed by the University of Michigan and its current version has been upgraded to 3.0. When giving the total number of nodes, Inet3.0 could output the information of nodes including the position, degree, and the neighbors. Inet3.0 simulates the topology structure of the Internet and it accords with the characteristics of the complex network. Firstly, nodes’ degrees generated by Inet3.0 follow the power-law distribution. Secondly, the characteristic path length created by Inet3.0 is short, which reflects the effect of the small-world phenomenon of social network. However, the clustering coefficient of the network built by Inet3.0 is relatively large. The network generated by Inet3.0 is much closed to the complex network and can be applied for simulating the propagation of the mobile phone virus.
In this paper, Inet3.0 is used to build a complex network which contains 10000 nodes. There are 118 different kinds of degrees among which the biggest value is 1799 and the least one is 1. Due to the high density of the topology and the page limit, it is difficult to differentiate the connectivity between nodes. Figure 3 shows the distribution and the connectivity of only 130 nodes in the topology structure, and the degrees of them are the biggest of all 10000 nodes.
Among the 130 nodes, the 30 red nodes are those with the biggest degrees; the 30 green ones are those with bigger degrees; the 30 blue ones are those with smaller degrees; the 40 yellow ones are those with the smallest degrees.
6. Numerical and Simulation Experiments
To verify the accuracy of theoretical analysis and the correctness of both M-SIS and M-SIR models, the numerical and simulation experiments are separately carried out. Numerical experiments are based on iterations of formulae and can directly reflect the property of the models. It is hard to simulate the real propagation environment of mobile phones virus. So the simulation experiments are carried out like other researchers [22–30]. Our simulation is a discrete-time simulation and well embodies the propagation of viruses in which node data are obtained on a time interval every second. Different from numerical experiments, the simulation imitates the real environment and is more closed to reality.
To raise the accuracy, the experiments under the same condition are carried out for 100 times, and the experiment result is derived from the average of 100 results. Algorithm 1 is the algorithm of the simulation which embodies the topology of the network. It is noted that one susceptible mobile can only be infected by its neighboring infected mobiles. The two-dimensional array Link_Matrix is used to store the joined relationship between nodes.
6.1. Experiment for the M-SIS Model
The parameters in our experiments are chosen based on the research results of Zou et al.  and Wang et al. . Due to the limit of computer memory and Inet3.0, 10,000 mobile phone nodes are set in our network system.
The contact infection rate of the mobile phone virus is set at 0.00003 with the same magnitude of the initial infection rate in Zou et al.’s research . Similarly, the death/birth rate is assigned to be 0.00002 based on Wang et al.’s study . The recovery rate is assumed to set 0.1. At the beginning, the mobile phone virus spreads along the edges of mobile phone nodes which own few contacts with others and then attacks core nodes. Therefore, there are 10 infected mobile phones with the degree of 1 initially, which means that the initial infected nodes only have one contact with other nodes.
The numerical results of the number of susceptible, infected mobile phones over time in M-SIS model are showed, respectively, in Figure 4.
To observe the propagation of the mobile user-tricking virus, virus-killing measure is taken after the 90 s, and sharp points appear in the curves at 90 s.
According to Theorem 1, the basic reproduction number is about 0.8 with the above parameters. It means that the propagation system of the mobile user-tricking virus under the M-SIS model will be eventually stable at its infection-free equilibrium point. Obviously, the number of infected mobile phones shrinks to 0 and that of susceptible ones is up to 10000 in Figure 4, which indicates that the infection-free equilibrium is achieved. The accuracy of theoretical analysis gets verified.
To check the correctness of M-SIS propagation model, the simulation experiments have been executed and the simulation results are compared with numerical results under the same parameters as shown in Figure 5.
(a) Compare the number of susceptible mobiles in numerical and simulation result
(b) Compare the number of infectious mobiles in numerical and simulation result
Figure 5(a) compares the number of susceptible mobiles in numerical and simulation result and Figure 5(b) compares the number of susceptible mobiles. It is seen that the numerical curves match the simulation ones very well, which verifies the correctness of the M-SIS propagation model.
The affections of different parameters on the mobile user-tricking virus propagation model are tested. The contact infection rate is firstly discussed. is specified as 0.00002, 0.00003, 0.00004, 0.00005, 0.00006, and 0.00007, respectively, and other parameters remain unchanged. With different contact infection rates, the propagation trends of the mobile user-tricking virus are showed in Figure 6.
The increase of the contact infection rate can fasten the propagation of mobile user-tricking virus. But when it increases to certain extent, the impact of the mobile user-tricking virus goes down. The larger contact infection rate is, the more nodes are infected. So the contact infection rates can rapid the propagation speed and wide the propagation scope of mobile user-tricking virus.
The infection recovery rate is also discussed while other parameters remain unchanged. is set at 0.05, 0.06, 0.07, 0.08, 0.09, and 0.1 respectively, and the propagations trends of the mobile user-tricking virus are given in Figure 7.
With the increase of , the number of infected nodes decreases, but all the curves reach the peak at the same time. It means that the infection recovery rate can only affect the spread scope of mobile user-tricking virus. It cannot rapid the propagation speed.
6.2. Experiment for the M-SIR Model
In this experiment, the patching rate for infected mobiles is 0.01 based on the research of Wang et al. . The root of mobile vulnerability-exploiting virus existing is software vulnerabilities which are inevitable during the design and implementation process of software and hard to detect. Due to lots of bandwidth consumption the patch cannot be distributed in time, so the patching rate for susceptible mobile phones is relatively small and is set as 0.0001. And it is assumed that the probability that the “new born” mobile phone becomes susceptible one is 0.6. Other parameters are set the same as the ones in the M-SIS model.
The numerical results of the susceptible, infected, and immune mobile phones in the M-SIR model are given in Figure 8.
All infected mobile phones vanish and the population in the long term is in an immune state. According to Theorem 3, the basic reproduction number is about , which means that the propagation system of mobile phone virus under the M-SIR model will stabilize at its infection-free equilibrium point. In Figure 8 the susceptible, infected, and immune state mobile phones all reach their equilibrium points. This is fully consistent with the conclusions of Theorem 3.
The numerical results and simulation ones in susceptible, infected, and immune mobile phones, respectively, under the M-SIR model are shown in Figure 9.
(a) Comparison in the number of susceptible mobiles
(b) Comparison in the number of infectious mobiles
(c) Comparison in the number of immune mobiles
The simulation curves of all states are almost consistent with the numerical ones which prove the correctness of the M-SIR model. The effect of contact infection rate to the propagation of vulnerability-exploiting mobile phone virus is shown in Figure 10.
Figure 10 shows the propagation trends of vulnerability-exploiting mobile phone virus with six different contact infection rates. With the increasing of the contact infection rate, the spread speed of the vulnerability-exploiting mobile phone virus is promoted, which makes the vulnerability-exploiting mobile phone virus reach the peak with little time. The scope of vulnerability-exploiting mobile phone virus also widens with the higher contact infection rate. The higher contact infection rate is the more nodes are infected. But the impact on the propagation is weakening with going up to some extent.
The performance of the immune rate to the propagation of vulnerability-exploiting mobile phone virus is discussed in Figure 11.
Figure 11 gives the propagations of the vulnerability-exploiting mobile phone virus with five different immune rates. The immune rate can affect the speed and scope of propagation. Obviously, the more the immune rate is, the weaker the spread capability of the vulnerability-exploiting mobile phone virus is. Therefore, in order to guarantee normal applications of mobile phones and suppress the propagation speed and the propagation scope of mobile phone virus, we should choose a reasonable value for immune rate .
The objective of this paper is to model two kinds of mobile phone virus under two important factors (viz., the characteristics of mobile phone viruses and the network topology structure) and then to find out certain means to suppress the propagation of mobile phone virus. The M-SIS and M-SIR propagation models for mobile phone viruses are proposed, combining with the structural characteristics of the complex network.
The M-SIS propagation model is effective to predict the propagation of the user-tricking mobile phone virus. It reflects the characteristic of the mobile virus, which is difficult to completely remove, and the removed mobile phone virus can reinfect the same mobile phone.
The M-SIR propagation model is suitable to describe the vulnerability-exploiting mobile phone virus. It reflects the characteristic of the mobile virus, which spreads by exploiting vulnerabilities, and the mobile phone can be immune to the mobile phone virus after virus removal and patching.
Through analysis, the stable infection-free equilibrium point and the stability condition of the two propagation models are derived. The basic reproduction numbers and are given, which can determine whether the mobile phone virus extinguishes. When and , the proposed M-SIS and M-SIR models have only a worm-free equilibrium, respectively, which is globally stable and implies that the worm dies out eventually. Then some numerical and simulation experiments are carried out which prove that our models are correct and fully consistent with the conclusions of our analysis. Our future work will expand this model which can characterize more features of mobile phone virus, for example, taking delay or impulse into consideration.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
This paper is supported by the Fundamental Research Funds of the Central Universities under Grant no. N120317001, Program for New Century Excellent Talents in University (NCET-13-0113), Natural Science Foundation of Liaoning Province of China under Grant no. 201202059, and Program for Liaoning Excellent Talents in University under LR2013011.
Ericsson, “Traffic and market data report,” 2011, http://www.ericsson.com/res/docs/2012/tmd_report_feb_web.pdf.View at: Google Scholar
M. Ghaderi and S. Keshav, “Multimedia messagingservice: system description and performance analysis,” in Proceedings of the 1st International Conference on Wireless Internet, pp. 198–205, 2005.View at: Google Scholar
Z. Zhu, G. Cao, S. Zhu, S. Ranjan, and A. Nucci, “A social network based patching scheme for worm containment in cellular networks,” in Proceedings of the 28th IEEE International Conference on Computer Communications (IEEE INFOCOM '09), pp. 1476–1484, Rio de Janeiro, Brazil, April 2009.View at: Publisher Site | Google Scholar
A. Mislove, M. Marcon, K. P. Gummadi, P. Druschel, and S. Bhattacharjee, “Measurement and analysis of online social networks,” in Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 29–42, 2007.View at: Google Scholar
R. Kumar, J. Novak, and A. Tomkins, “Structure and evolution of online social networks,” in Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 611–617, 2006.View at: Google Scholar
A. Yong-Yeol, H. Seungyeop, K. Haewoon, M. Sue, and J. Hawoong, “Analysis of topological characteristics of huge online social networking services,” in Proceedings of the 16th International Conference on World Wide Web, pp. 835–844, 2007.View at: Google Scholar
C. Fleizach, M. Liljenstam, P. Johansson, G. M. Voelker, and A. Mehes, “Can you infect me now?: malware propagation in mobile phone networks,” in Proceedings of the ACM Workshop on Recurring Malcode, pp. 61–68, 2007.View at: Google Scholar
F. Li, Y. Y. Yang, and J. Wu, “CPMC: an efficient proximity malware coping scheme in smartphone-based mobile networks,” in Proceedings of the 29th IEEE Conference on Information Communications (INFOCOM '10), pp. 2811–2819, San Diego, Calif, USA, 2010.View at: Google Scholar
J. O. Kephart and S. R. White, “Directed-graph epidemiological models of computer viruses,” in Proceedings of the IEEE Symposium on Security and Privacy, pp. 343–361, 1991.View at: Google Scholar
J. O. Kephart and S. R. White, “Measuring and modeling computer virus prevalence,” in IEEE Computer Security Symposium on Security and Privacy, pp. 2–15, 1993.View at: Google Scholar
C. Zou Cliff, D. Towsley, and G. Weibo, “On the performance of internet worm scanning strategies,” Performance Evaluation, vol. 63, no. 7, pp. 700–723, 2008.View at: Google Scholar
C. W. John and J. M. David, “Modelling computer virus prevalence with a susceptible-infected-susceptible model with reintroduction,” Computational Statistics Data Analysis, vol. 45, no. 1, pp. 3–23, 2004.View at: Google Scholar
Y. B. Kafai, “Understanding virtual epidemics: children's folk conceptions of a computer virus,” Journal of Science Education and Technology, vol. 17, no. 6, pp. 523–529, 2008.View at: Google Scholar
F. Wang, Y. Zhang, C. Wang, J. Ma, and S. Moon, “Stability analysis of a SEIQV epidemic model for rapid spreading worms,” Computers and Security, vol. 29, no. 4, pp. 410–418, 2010.View at: Google Scholar
W. Fan and K. H. Yeung, “Online social networks-Paradise of computer viruses,” Physica A: Statistical Mechanics and Its Applications, vol. 390, no. 2, pp. 189–197, 2011.View at: Google Scholar
B. Dwan, “The mobile phone virus,” Network Security, vol. 7, pp. 14–15, 2004.View at: Google Scholar
J. Jamaluddin, N. Zotou, R. Edwards, and P. Coulton, “Mobile phone vulnerabilities: a new generation of malware,” in Proceedings of the IEEE International Symposium on Consumer Electronics, pp. 199–202, 2004.View at: Google Scholar
D. Dagon, T. Martin, and T. Starner, “Mobile phones as computing devices: the viruses are coming!,” Pervasive Computing, vol. 3, no. 4, pp. 11–15, 2004.View at: Google Scholar
W. Xuetao, N. C. Valler, M. Faloutsos, I. Neamtiu, B. A. Prakash, and C. Faloutsos, “Smartphone viruses propagation on heterogeneous composite networks,” in Proceedings of the IEEE 2nd Network Science Workshop, pp. 106–109, 2013.View at: Google Scholar
M. E. J. Newman, S. Forrest, and J. Balthrop, “Email networks and the spread of computer viruses,” Statistical, Nonlinear, and Soft Matter Physics, vol. 66, Article ID 035101, 2002.View at: Google Scholar
C. C. Zou, D. Towsley, and W. B. Gong, “Code red worm propagation modeling and analysis,” in Proceedings of the 9th ACM Conference on Computer and Communication Security (CCS '02), pp. 138–147, 2002.View at: Google Scholar