TY - GEN
T1 - TTLed random walks for collaborative monitoring
AU - Altshuler, Yaniv
AU - Dolev, Shlomi
AU - Elovici, Yuval
AU - Aharony, Nadav
PY - 2010/6/29
Y1 - 2010/6/29
AB - In this paper we discuss the problem of collaborative monitoring of applications that are suspected of being malicious. New operating systems for mobile devices allow their users to download millions of new applications created by a great number of individual programmers and companies, some of which may be malicious or flawed. The importance of defense mechanisms against an epidemic spread of malicious applications in mobile networks was recently demonstrated by Wang et al. [21]. In many cases, in order to detect that an application is malicious, monitoring its operation in a real environment for a significant period of time is required. Mobile devices have limited computation and power resources and thus can monitor only a limited number of applications that the user downloads. In this paper we propose an efficient collaborative application monitoring algorithm called TPP - Time-To-Live Probabilistic Flooding, harnessing the collective resources of many mobile devices. Mobile devices activating this algorithm periodically monitor mobile applications, derive conclusions concerning their maliciousness, and report their conclusions to a small number of other mobile devices. Each mobile device that receives a message (conclusion) propagates it to one additional mobile device. Each message has a predefined TTL. The algorithm's performance is analyzed and its time and message complexity are shown to be significantly lower compared to existing state-of-the-art information propagation algorithms. The algorithm was also implemented and tested in a simulated environment.
UR - http://www.scopus.com/inward/record.url?scp=77953903602&partnerID=8YFLogxK
U2 - 10.1109/INFCOMW.2010.5466697
DO - 10.1109/INFCOMW.2010.5466697
M3 - Conference contribution
AN - SCOPUS:77953903602
SN - 9781424467396
T3 - Proceedings - IEEE INFOCOM
BT - INFOCOM 2010 - IEEE Conference on Computer Communications Workshops
T2 - IEEE Conference on Computer Communications Workshops, INFOCOM 2010
Y2 - 15 March 2010 through 19 March 2010
ER -