Can-You-Infect-Me-Now-Malware-Propagation-in-Mobile-Phone- (slide deck: "Can you infect me now", the propagation of mobile phone malware)
Mobile Malware
  • Like normal malware, but on mobile phones (smartphones and dumb ones too)
  • Why worry about mobile malware? “combination of vulnerable platforms (Symbian), unsuspecting users, and explosive growth in potential victims will inevitably attract propagating malware”

What Makes This Paper Different?
  • Previous malware propagation research: proximity propagation (Bluetooth, etc.)
  • This research: focuses on propagation via the telecommunications network

Why Mobile Malware? (from the bad guy's perspective)
  • Smartphones are a lot like PCs:
      • market share per OS (72% Symbian)
      • software vulnerabilities exist
  • Exploited smartphones could provide an attacker with means to:
      • steal private data / users' identities
      • spam
      • make free calls
      • execute (D)DoS

Main Paper Goal(s)
  • Simulate the effects of mobile malware propagation via the telecommunications network
  • Simulated both VoIP malware and MMS malware
  • Draw some conclusions for defending

Simulator
  • Event driven, custom code (so they could better adapt it for their needs)
  • 1 second step size, stepping 12 hours
  • Infection beginning at a single phone
  • Telecom network: UMTS
  • Topology: Boston Metro Area

Network: UMTS
  • UMTS is the 3G successor to GSM (2.5G/GPRS, 2.75G/EDGE)
  • Network side is very similar to GSM; air interface side changed to support higher data rates
  • Signaling and control are negligible (ignored in the model)

Topology: Boston Metro Area
  • 100 sq miles, divided into 1 sq mile cells
  • Mobile station distribution from US Census data scaled by 78% (by cell phone penetration)
  • Mobility is not modeled
  • Authors speculate the bottleneck will be in the network, not at the air interface

Simplified UMTS Network
  • (diagram)

Simulation Construction
  • Assume normal MMS usage is based on a charge per message
  • MMS server capacity:
      • Server handles 100 msg/sec, although higher rates were simulated with “a qualitatively similar result”
      • Authors' explanation: the MMS server will not be dimensioned to handle users behaving like an aggressive worm (i.e., sending large numbers of messages as quickly as possible)
  • Bottom-up design of the UMTS network

Simplified UMTS Network
  • (diagram, built up over several slides)

Modeled UMTS Network
  • (diagram)

Simulation Parameters
  • (diagram labels) 1 single server serving 100 msg/sec; 49 servers serving 10k users each; 49 servers; 9616 NodeB's; 2 Mbps; 100 Mbps; 1 Gbps links between SGSNs

Simulation Notes
  • “The granularity of our NodeB placement was a limiting factor of our initial population data. A finer granularity would, no doubt, offer a more detailed and accurate picture of malware propagation.”

Spreading via Phonebooks/Contact Lists
  • No published studies of address book characteristics found, so:
      • 1-1000 contacts (upper limit from empirical data on phonebook maximums)
      • Phonebook/contact degree distributions based on statistical analysis

Phonebook/contact degree distributions (for contact list size)
  • Power-Law: from Yahoo email groups, and other authors' research
  • Log-Normal: from social networking websites' statistics
  • Erlang Dist: from authors' experiment (but very small sample size of 73)

Node Attachment
  • ...you don't call everybody in your address book
  • Probabilistically randomly assign address book size based on distribution, then...
      • 70% - “The probability that two users were friends was proportional to the inverse of the number of people between them.” (from LiveJournal study)
      • 30% uniformly randomly assigned

Attack Vector: VoIP
  • Assumes vulnerable service on the mobile phone which does not require user interaction
  • Assume all phones are vulnerable. (Authors note that in reality a fraction would be vulnerable, and they state a qualitatively similar result)

Simulated Propagation of VoIP Malware
  • “...constrained bandwidth should also be considered; but doing so requires estimating typical traffic characteristics, and we lacked meaningful data on which to base such estimates.” ---?????

Techniques for Faster Propagation of VoIP Malware (and Simulation Results)
  • Divide and distribute (transfer) contacts from address book
  • Congestion backoff (wait) 10s

Attack Vector: MMS
  • Handled by central MMS server
  • Requires user interaction
      • only a percentage “F” act on message
  • Can be done while phone is off
      • So there is a wait time to answer messages.
      • Mixture of two Gaussian distributions centered at 20s & 45m

Simulated Propagation of MMS Malware
  • (plot)

Techniques for Faster Propagation of MMS Malware
  • Congestion backoff (10s)
      • Not very much advantage, due to MMS central server constraint.
  • Divide and distribute contacts from address book
      • Same as above
  • Global contact book method
      • Infected half the population in 12 hrs. (what F value?)

Faster MMS Malware Propagation
  • (plot)

Defending Against Mobile Malware Propagation in Telecom. Networks
(This section is way too small in the paper, would have liked to see more on this.)
  • Rate Limiting
      • ACCELERATES infection! (same as congestion avoidance)
  • Blacklisting
      • Containment
      • large number still get infected more slowly (no details given on %).
      • removing phones leads to a less congested network for those infected but non-blacklisted phones
  • Content Filtering
      • “Seems promising due to centralized topology.”
      • "Investigating whether it's practical remains future work." (and they didn't provide any information on how promising or why)

Questions?
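The contact-graph construction from the "Spreading via Phonebooks/Contact Lists" and "Node Attachment" slides, as an added example (not code from the paper or the slides) for anyone rebuilding the model to evaluate defenses. Assumptions: the power-law exponent `alpha`, users placed uniformly on a 10 x 10 mile area instead of census data, and "number of people between them" read as distance rank (1 = nearest).

```python
import random

MAX_CONTACTS = 1000   # upper bound on address book size, from the slides
LOCAL_SHARE = 0.7     # share of contacts chosen by rank-based friendship

def weighted_sample(items, weights, k, rng):
    """Pick k distinct items, favouring large weights (Efraimidis-Spirakis keys)."""
    keyed = [(rng.random() ** (1.0 / w), item) for item, w in zip(items, weights)]
    keyed.sort(reverse=True)
    return [item for _, item in keyed[:k]]

def build_address_books(positions, rng, alpha=2.0):
    """Return {user: set(contacts)} for users located at positions[user] = (x, y).

    alpha is an assumed power-law exponent; the slides give no value.
    """
    n = len(positions)
    sizes = list(range(1, min(MAX_CONTACTS, n - 1) + 1))
    size_weights = [k ** -alpha for k in sizes]
    # 1 / rank weights, shared by all users: rank 1 is the nearest neighbour.
    rank_weights = [1.0 / r for r in range(1, n)]
    books = {}
    for u, (ux, uy) in enumerate(positions):
        size = rng.choices(sizes, size_weights)[0]
        # Order every other user by distance from u.
        others = sorted((v for v in range(n) if v != u),
                        key=lambda v: (positions[v][0] - ux) ** 2
                                      + (positions[v][1] - uy) ** 2)
        # 70%: P(v is a contact) proportional to 1 / rank(v).
        local = set(weighted_sample(others, rank_weights,
                                    round(LOCAL_SHARE * size), rng))
        # 30%: uniform over everyone not already chosen.
        remaining = [v for v in others if v not in local]
        books[u] = local | set(rng.sample(remaining, size - len(local)))
    return books

def demo(n=300, seed=7):
    """Constructed population: n users placed uniformly on a 10 x 10 mile area."""
    rng = random.Random(seed)
    positions = [(rng.uniform(0, 10), rng.uniform(0, 10)) for _ in range(n)]
    return positions, build_address_books(positions, rng)

if __name__ == "__main__":
    positions, books = demo()
    sizes = sorted(len(b) for b in books.values())
    print("median book size:", sizes[len(sizes) // 2], "largest:", sizes[-1])
```

Swapping `size_weights` for a log-normal or Erlang density reproduces the other two degree distributions the slides list.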

