Institutional Repository [SANDBOX]
Technical University of Crete
EN  |  EL

Search

Browse

My Space

Bayesian active malware analysis

Sartea Riccardo, Chalkiadakis Georgios, Farinelli Alessandro, Murari Matteo

Full record


URI: http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08
Year 2020
Type of Item Conference Full Paper
License
Details
Bibliographic Citation R. Sartea, G. Chalkiadakis, A. Farinelli, and M. Murari, “Bayesian active malware analysis,” In Proc. of the 19th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2020), vol 2020, B. An, N. Yorke-Smith, A. El Fallah Seghrouchni, G. Sukthankar, Eds., USA: IFAAMAS, 2020, pp. 1206 - 1214.
Appears in Collections

Summary

We propose a novel technique for Active Malware Analysis (AMA) formalized as a Bayesian game between an analyzer agent and a malware agent, focusing on the decision making strategy for the analyzer. In our model, the analyzer performs an action on the system to trigger the malware into showing a malicious behavior, i.e., by activating its payload. The formalization is built upon the link between malware families and the notion of types in Bayesian games. A key point is the design of the utility function, which reflects the amount of uncertainty on the type of the adversary after the execution of an analyzer action. This allows us to devise an algorithm to play the game with the aim of minimizing the entropy of the analyzer’s belief at every stage of the game in a myopic fashion. Empirical evaluation indicates that our approach results in a significant improvement both in terms of learning speed and classification score when compared to other state-of-the-art AMA techniques.

Services

Statistics