Active Malware Analysis using Stochastic Games
Cyber security is increasingly important for defending computer systems from loss of privacy or unauthorised use. One important aspect is threat analysis - how does an attacker infiltrate a system and what do they want once they are inside. This paper considers the problem of Active Malware Analysis...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2012
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/1476 https://ink.library.smu.edu.sg/context/sis_research/article/2475/viewcontent/ActiveMalwareAnalysiStochastic_2012.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-2475 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-24752016-05-13T07:29:17Z Active Malware Analysis using Stochastic Games WILLIAMSON, Simon VARAKANTHAM, Pradeep Reddy GAO, Debin ONG, Chen Hui Cyber security is increasingly important for defending computer systems from loss of privacy or unauthorised use. One important aspect is threat analysis - how does an attacker infiltrate a system and what do they want once they are inside. This paper considers the problem of Active Malware Analysis, where we learn about the human or software intruder by actively interacting with it with the goal of learning about its behaviours and intentions, whilst at the same time that intruder may be trying to avoid detection or showing those behaviours and intentions. This game-theoretic active learning is then used to obtain a behavioural clustering of malware, an important contribution for both understanding malware at a high level and more crucially, for the deployment of effective anti-malware defences. This paper makes the following contributions: (i) A formal definition of the game-theoretic active malware analysis problem; (ii) A fast algorithm for learning about a malware in the active analysis problem which utilises the concept of reducing entropy in the beliefs about the malware; (iii) A virtual machine based agent architecture for the implementation of the active malware analysis problem and (iv) A behaviour based clustering of malware behaviour which is shown to be more accurate than a similar clustering using only passive information about the malware. 2012-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/1476 https://ink.library.smu.edu.sg/context/sis_research/article/2475/viewcontent/ActiveMalwareAnalysiStochastic_2012.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Malware Analysis Stochastic Game Autonomous agents Computer crime Game theory Intrusion detection Multi agent systems Network security Artificial Intelligence and Robotics Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Malware Analysis Stochastic Game Autonomous agents Computer crime Game theory Intrusion detection Multi agent systems Network security Artificial Intelligence and Robotics Information Security |
| spellingShingle |
Malware Analysis Stochastic Game Autonomous agents Computer crime Game theory Intrusion detection Multi agent systems Network security Artificial Intelligence and Robotics Information Security WILLIAMSON, Simon VARAKANTHAM, Pradeep Reddy GAO, Debin ONG, Chen Hui Active Malware Analysis using Stochastic Games |
| description |
Cyber security is increasingly important for defending computer systems from loss of privacy or unauthorised use. One important aspect is threat analysis - how does an attacker infiltrate a system and what do they want once they are inside. This paper considers the problem of Active Malware Analysis, where we learn about the human or software intruder by actively interacting with it with the goal of learning about its behaviours and intentions, whilst at the same time that intruder may be trying to avoid detection or showing those behaviours and intentions. This game-theoretic active learning is then used to obtain a behavioural clustering of malware, an important contribution for both understanding malware at a high level and more crucially, for the deployment of effective anti-malware defences. This paper makes the following contributions: (i) A formal definition of the game-theoretic active malware analysis problem; (ii) A fast algorithm for learning about a malware in the active analysis problem which utilises the concept of reducing entropy in the beliefs about the malware; (iii) A virtual machine based agent architecture for the implementation of the active malware analysis problem and (iv) A behaviour based clustering of malware behaviour which is shown to be more accurate than a similar clustering using only passive information about the malware. |
| format |
text |
| author |
WILLIAMSON, Simon VARAKANTHAM, Pradeep Reddy GAO, Debin ONG, Chen Hui |
| author_facet |
WILLIAMSON, Simon VARAKANTHAM, Pradeep Reddy GAO, Debin ONG, Chen Hui |
| author_sort |
WILLIAMSON, Simon |
| title |
Active Malware Analysis using Stochastic Games |
| title_short |
Active Malware Analysis using Stochastic Games |
| title_full |
Active Malware Analysis using Stochastic Games |
| title_fullStr |
Active Malware Analysis using Stochastic Games |
| title_full_unstemmed |
Active Malware Analysis using Stochastic Games |
| title_sort |
active malware analysis using stochastic games |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2012 |
| url |
https://ink.library.smu.edu.sg/sis_research/1476 https://ink.library.smu.edu.sg/context/sis_research/article/2475/viewcontent/ActiveMalwareAnalysiStochastic_2012.pdf |
| _version_ |
1770571199647055872 |