STOP: Socio-Temporal Opportunistic Patching of short range mobile malware

Mobile phones are integral to everyday life with emails, social networking, online banking and other applications; however, the wealth of private information accessible increases economic incentives for attackers. Compared with fixed networks, mobile malware can replicate through both long range messaging and short range radio technologies; the former can be filtered by the network operator but determining the best method of containing short range malware is an open problem. While global software updates are sometimes possible, they are often not practical. An alternative and more efficient strategy is to distribute the patch to the key nodes so that they can opportunistically disseminate it to the rest of the network via short range encounters; but how can these key nodes be identified in a highly dynamic network topology? In this paper, we address these questions by presenting Socio- Temporal Opportunistic Patching (STOP), a two-tier predictive mobile malware containment system: devices collect co-location data in a decentralized manner and report to a central server which processes and targets delivery of hot fixes to a small subset of k devices at runtime; in turn mobile devices spread the patch opportunistically. The STOP system is underpinned by a recent theoretical framework for analysing dynamic networks that takes into account temporal information of links. Using empirical contact traces, we find firstly, the top-k ranking temporal centrality nodes are highly correlated with past time windows; and secondly, simple prediction functions can be designed to select the set of top-k nodes that are optimal for patch spreading.