Title :
Behavioral Detection and Containment of Proximity Malware in Delay Tolerant Networks
Author :
Peng, Wei ; Li, Feng ; Zou, Xukai ; Wu, Jie
Author_Institution :
Dept. of Comput. & Inf. Sci., Indiana Univ.-Purdue Univ., Indianapolis, IN, USA
Abstract :
With the universal presence of short-range connectivity technologies (e.g., Bluetooth and, more recently, Wi-Fi Direct) in the consumer electronics market, the delay-tolerant-network (DTN) model is becoming a viable alternative to the traditional infrastructural model. Proximity malware, which exploits the temporal dimension and distributed nature of DTNs in self-propagation, poses threats to users of new technologies. In this paper, we address the proximity malware detection and containment problem with explicit consideration for the unique characteristics of DTNs. We formulate the malware detection process as a decision problem under a general behavioral malware characterization framework. We analyze the risk associated with the decision problem and design a simple yet effective malware containment strategy, look-ahead, which is distributed by nature and reflects an individual node's intrinsic trade-off between staying connected (with other nodes) and staying safe (from malware). Furthermore, we consider the benefits of sharing assessments among directly connected nodes and address the challenges derived from the DTN model to such sharing in the presence of liars (i.e., malicious nodes sharing false assessments) and defectors (i.e., good nodes that have turned malicious due to malware infection). Real mobile network traces are used to verify our analysis.
Keywords :
invasive software; mobile radio; telecommunication security; DTN model; delay tolerant networks; general behavioral malware characterization framework; infrastructural model; mobile network; proximity malware containment detection; short-range connectivity technology; Computers; Equations; Malware; Mobile computing; Peer to peer computing; Robustness; Silicon; ?- robustness; delay-tolerant networks (DTNs); dogmatism d; look-ahead ?; malware behavioral characterization; proximity malware;
Conference_Titel :
Mobile Adhoc and Sensor Systems (MASS), 2011 IEEE 8th International Conference on
Conference_Location :
Valencia
Print_ISBN :
978-1-4577-1345-3
DOI :
10.1109/MASS.2011.48