Improved Distributed Framework for Worm Detection & Throttling in Mobile Peer-to-Peer Networks

Peer-to-Peer (P2P) applications are becoming more prevalent in mobile 3G/4G devices. Categorized as collaborative P2P applications, MSN, ICQ and Yahoo IM are in use for years, while recently, filesharing P2P applications like Nokia mBit and PeerBox have also been introduced. Contemporary mobile peers are capable of sharing P2P content using Bluetooth technology i.e. bypassing cellular vendor’s network altogether. Mobile devices are resource constrained in terms of memory and processing thus security threats like scanning and non-scanning worms could result in choking these resources. 3G/4G mobile devices come equipped with no significant software for detection of such an immense threat and hence, worms could exploit vulnerabilities to cause catastrophes. Worms are capable of propagation through mobile P2P networks using three known approaches; content sharing using cellular vendor’s network, through Bluetooth communication directly among different peers and through MMS and SMS messaging. Authors have come up with distinctive ideas to deal with such threats, however, most of them focus solely on one way of threat propagation at any instance of time, unrealistically discarding all other windows of threat propagation. Some approaches target only one specific worm or worm behaviour. There have been over four hundred mobile P2P worms discovered so far and hence the scope of current detection mechanisms comes to literally a nought. We bring in a unified framework for worm detection & throttling in mobile P2P networks that deals with epidemiological spreading of worms through all three windows of propagation. Solution delegates guardian nodes in the network to throttle worms once detected through collaborative information sharing between mobile devices and the guardian nodes. It targets different types of worm behaviours, hence giving it a significant edge over previous approaches. By employing artificial intelligence techniques, the framework can adapt to tackle ever-evolving worm attack strategies.