Proactive security for mobile messaging networks

Abstract

The interoperability of IM (Instant Messaging) and SMS (Short Messaging Service) networks allows users to seamlessly use a variety of computing devices from desktops to cellular phones and mobile handhelds. However, this increasing convergence has also attracted the attention of malicious software writers. In the past few years, the number of malicious codes that target messaging networks, primarily IM and SMS, has been increasing exponentially. Large message volume and number of users in these networks renders manual mitigation of malicious software nearly impossible. This paper proposes automated and proactive security models to protect messaging networks from mobile worms and viruses. First, we present an algorithm for automated identification of the most vulnerable clients in the presence of a malicious attack, based on interactions among the clients. The simplicity of our approach enables easy integration in most client-server messaging systems. Next, we describe a proactive containment framework that applies two commonly-used mechanisms - rate-limiting and quarantine - to the dynamically-generated list of vulnerable clients in a messaging network whenever a worm or virus attack is suspected. Finally, we evaluate the effectiveness of proactive security in a cellular network using data from a large real-life SMS customer network, and compare it against other existing approaches. Most messaging networks can implement our proposed framework without any major modification of their existing infrastructure. Copyright 2006 ACM.