Modeling and Analysis of competition between malware authors and security analysts, using game theory

Document Type: Research Paper

Authors

1 Imam Husein University

2 Faculty of Industrial and Systems Engineering, Tarbiat Modares University, Tehran, Iran

3 Imam Hussein University

Abstract

Modeling tools describe complex real-world problems well and can help analysts explore constructive solutions to them. In this paper, the competition between malware authors and security analysts is modeled and analyzed using the Graph Model for Conflict Resolution, a comprehensive methodology within the non-quantitative, non-cooperative perspective of game theory. The methodology has two main steps: modeling and analysis. After infeasible combinations are removed, the 15 states that can actually occur are studied in the modeling phase, and the players' ordinal preferences over these states are then represented. Several solution concepts are employed to define stability. The stability analysis predicts that two states are equilibria. These predicted outcomes indicate that malware authors employ environment diagnostics, while security analysts use system event monitoring together with global system state anomaly detection. Recent evidence is consistent with this finding.
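The modeling and analysis steps the abstract describes (enumerating feasible states, representing ordinal preferences, and testing stability under several solution concepts) as an added Python example; this is not the paper's model or code. Only the option names are taken from the abstract; the feasibility rule and the preference orderings are constructed for illustration, and the three solution concepts implemented (Nash, general metarationality, sequential stability) are standard ones from the graph model literature.

```python
from itertools import product

# Two decision makers with yes/no options (option names from the abstract). The
# feasibility rule and preferences are CONSTRUCTED here, not the paper's model.
OPTIONS = {"author": ["env_diag"], "analyst": ["event_mon", "anomaly_det"]}
ALL = [o for dm in OPTIONS for o in OPTIONS[dm]]
IDX = {o: i for i, o in enumerate(ALL)}

def feasible(s):
    """Constructed constraint: anomaly detection requires event monitoring."""
    return not (s[IDX["anomaly_det"]] and not s[IDX["event_mon"]])
STATES = [s for s in product((0, 1), repeat=len(ALL)) if feasible(s)]

def rank(dm, s):
    """Constructed ordinal preference: a larger tuple is more preferred."""
    a, m, d = s
    return (a, -m, -d) if dm == "author" else (m, d, -a)

def prefers(dm, s1, s2):
    return rank(dm, s1) > rank(dm, s2)

def reachable(dm, s):
    """Unilateral moves: dm changes only its own options, staying feasible."""
    own = [IDX[o] for o in OPTIONS[dm]]
    out = []
    for combo in product((0, 1), repeat=len(own)):
        t = list(s)
        for i, v in zip(own, combo):
            t[i] = v
        if tuple(t) != s and feasible(t):
            out.append(tuple(t))
    return out

def improvements(dm, s):
    return [t for t in reachable(dm, s) if prefers(dm, t, s)]

def stable(dm, s, concept):
    """nash: no unilateral improvement.  gmr/seq: every improvement s1 is deterred
    because the opponent can move (gmr: any move, seq: an improvement of its own)
    to some s2 that dm does not prefer to s."""
    opp = "analyst" if dm == "author" else "author"
    for s1 in improvements(dm, s):
        if concept == "nash":
            return False
        sanctions = reachable(opp, s1) if concept == "gmr" else improvements(opp, s1)
        if not any(not prefers(dm, s2, s) for s2 in sanctions):
            return False
    return True

def equilibria(concept):
    return [s for s in STATES if all(stable(dm, s, concept) for dm in OPTIONS)]
```

Each state is a tuple (env_diag, event_mon, anomaly_det); `equilibria("seq")` returns the states no player can profitably leave when credible counter-moves are taken into account.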
