Efficient Collaborative Application Monitoring Scheme for Mobile Networks

New operating systems for mobile devices allow their users to download millions of applications created by various individual programmers, some of which may be malicious or flawed. In order to detect that an application is malicious, monitoring its operation in a real environment for a significant period of time is often required. Mobile devices have limited computation and power resources and thus are limited in their monitoring capabilities. In this paper we propose an efficient collaborative monitoring scheme that harnesses the collective resources of many mobile devices, “vaccinating” them against potentially unsafe applications. We suggest a new local information flooding algorithm called “TTL Probabilistic Propagation” (TPP). The algorithm periodically monitors one or more application and reports its conclusions to a small number of other mobile devices, who then propagate this information onwards. The algorithm is analyzed, and is shown to outperform existing state of the art information propagation algorithms, in terms of convergence time as well as network overhead. The maximal “load” of the algorithm (the fastest arrival rate of new suspicious applications, that can still guarantee complete monitoring), is analytically calculated and shown to be significantly superior compared to any non-collaborative approach. Finally, we show both analytically and experimentally using real world network data that implementing the proposed algorithm significantly reduces the number of infected mobile devices. In addition, we analytically prove that the algorithm is tolerant to several types of Byzantine attacks where some adversarial agents may generate false information, or abuse the algorithm in other ways.

💡 Research Summary

The paper addresses the growing security challenge posed by the massive number of third‑party applications that can be installed on modern mobile devices. Because many malicious or buggy apps reveal their harmful behavior only after prolonged execution, real‑world dynamic monitoring is essential. However, individual mobile devices have limited CPU, memory, and battery capacity, making continuous monitoring infeasible on a single device. To overcome this limitation, the authors propose a collaborative monitoring framework that leverages the collective resources of many smartphones.

The core contribution is a novel information‑propagation algorithm called TTL Probabilistic Propagation (TPP). Each monitoring report is encapsulated in a message that carries a Time‑to‑Live (TTL) counter and a forwarding probability p. When a device receives a report, it decrements the TTL; if the TTL reaches zero the message is discarded, preventing endless flooding. Otherwise the device forwards the message to each of its neighbors with probability p. By adjusting TTL and p, TPP controls the trade‑off between rapid dissemination and network overhead.

The authors develop a rigorous analytical model based on Markov chains. They derive the expected convergence time E