<!--
  eFRBR 1.1 record set for a single publication.

  entities:      one work and one expression (both carry the same identifier URI),
                 four person entries, one corporateBody, four concept entries.
  relationships: realizedThrough (work to expression); createdBy (work to the first
                 person entry only); realizedBy (expression to each of the four
                 persons with role="author", and to the corporateBody with
                 role="publisher"); hasSubject (work to each concept);
                 otherRelations is empty.

  Relations reference entities by matching sourceURI/targetURI against the
  identifier attributes. Identifiers here are a mix of http URLs and bare
  UUID-style strings, so they should be compared as opaque strings.

  Name, term and formOfExpression values are wrapped in indentation whitespace
  (formOfExpression holds a Greek and an English label on separate lines);
  consumers need to trim and split on line breaks themselves.

  NOTE(review): xsi:schemaLocation points at a plain-http URL. Treat it as a hint
  only; validate against a locally pinned copy of the schema instead of letting the
  document decide what the validator fetches.
-->
<efrbr:recordSet xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:efrbr="http://vfrbr.info/efrbr/1.1" xmlns:efrbr-work="http://vfrbr.info/efrbr/1.1/work" xmlns:efrbr-expression="http://vfrbr.info/efrbr/1.1/expression" xmlns:efrbr-manifestation="http://vfrbr.info/efrbr/1.1/manifestation" xmlns:efrbr-person="http://vfrbr.info/efrbr/1.1/person" xmlns:efrbr-corporateBody="http://vfrbr.info/efrbr/1.1/corporateBody" xmlns:efrbr-concept="http://vfrbr.info/efrbr/1.1/concept" xmlns:efrbr-structure="http://vfrbr.info/efrbr/1.1/structure" xmlns:efrbr-responsible="http://vfrbr.info/efrbr/1.1/responsible" xmlns:efrbr-subject="http://vfrbr.info/efrbr/1.1/subject" xmlns:efrbr-other="http://vfrbr.info/efrbr/1.1/other" xsi:schemaLocation="http://vfrbr.info/efrbr/1.1 http://vfrbr.info/schemas/1.1/efrbr.xsd"><efrbr:entities><efrbr-work:work identifier="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08"><efrbr-work:titleOfTheWork>Bayesian active malware analysis</efrbr-work:titleOfTheWork></efrbr-work:work><efrbr-expression:expression identifier="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08"><efrbr-expression:titleOfTheExpression>Bayesian active malware analysis</efrbr-expression:titleOfTheExpression><efrbr-expression:formOfExpression vocabulary="DIAS:TYPES">
            Πλήρης Δημοσίευση σε Συνέδριο
            Conference Full Paper
         </efrbr-expression:formOfExpression><efrbr-expression:dateOfExpression type="issued">2022-07-26</efrbr-expression:dateOfExpression><efrbr-expression:dateOfExpression type="published">2020</efrbr-expression:dateOfExpression><efrbr-expression:languageOfExpression vocabulary="iso639-1">en</efrbr-expression:languageOfExpression><efrbr-expression:otherDistinguishingCharacteristic>The research reported in this publication has been partially supported by the project “Dipartimenti di Eccellenza 2018-2022” funded by the Italian Ministry of Education, University and Research (MIUR).</efrbr-expression:otherDistinguishingCharacteristic><efrbr-expression:summarizationOfContent>We propose a novel technique for Active Malware Analysis (AMA) formalized as a Bayesian game between an analyzer agent and a malware agent, focusing on the decision making strategy for the analyzer. In our model, the analyzer performs an action on the system to trigger the malware into showing a malicious behavior, i.e., by activating its payload. The formalization is built upon the link between malware families and the notion of types in Bayesian games. A key point is the design of the utility function, which reflects the amount of uncertainty on the type of the adversary after the execution of an analyzer action. This allows us to devise an algorithm to play the game with the aim of minimizing the entropy of the analyzer’s belief at every stage of the game in a myopic fashion. 
Empirical evaluation indicates that our approach results in a significant improvement both in terms of learning speed and classification score when compared to other state-of-the-art AMA techniques.</efrbr-expression:summarizationOfContent><efrbr-expression:useRestrictionsOnTheExpression type="creative-commons">http://creativecommons.org/licenses/by/4.0/</efrbr-expression:useRestrictionsOnTheExpression><efrbr-expression:note type="page range">1206 - 1214</efrbr-expression:note><efrbr-expression:note type="conference name">19th International Conference on Autonomous Agents and Multiagent Systems</efrbr-expression:note><efrbr-expression:note type="proceedings title">Proceedings of the 19th International Conference on Autonomous Agents and Multiagent Systems</efrbr-expression:note></efrbr-expression:expression><efrbr-person:person identifier="0B96E9C5-FACF-422D-AD54-AA85EFDEF86F"><efrbr-person:nameOfPerson vocabulary="">
            Sartea Riccardo
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="http://users.isc.tuc.gr/~gchalkiadakis"><efrbr-person:nameOfPerson vocabulary="TUC:LDAP">
            Chalkiadakis Georgios
            Χαλκιαδακης Γεωργιος
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="1C5D69D0-AC62-4D94-ABAA-755E934AEE98"><efrbr-person:nameOfPerson vocabulary="">
            Farinelli Alessandro
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="4CE2B936-0245-40F3-9D81-4FB3F1550B13"><efrbr-person:nameOfPerson vocabulary="">
            Murari Matteo
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-corporateBody:corporateBody identifier="13E766F3-72E6-472E-9286-F535B8A7D7AC"><efrbr-corporateBody:nameOfTheCorporateBody vocabulary="">
            International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)
         </efrbr-corporateBody:nameOfTheCorporateBody></efrbr-corporateBody:corporateBody><efrbr-concept:concept identifier="809A59B9-950F-4E0B-91E3-A40927114C66"><efrbr-concept:termForTheConcept>
            Malware
         </efrbr-concept:termForTheConcept></efrbr-concept:concept><efrbr-concept:concept identifier="82F2CFF5-5D02-4796-AC7D-BE75B732EF54"><efrbr-concept:termForTheConcept>
            Autonomous agents
         </efrbr-concept:termForTheConcept></efrbr-concept:concept><efrbr-concept:concept identifier="53947C54-2876-4FA5-9588-2DBDA5A9FF39"><efrbr-concept:termForTheConcept>
            Multi agent systems
         </efrbr-concept:termForTheConcept></efrbr-concept:concept><efrbr-concept:concept identifier="FE161A58-C4E3-4817-ADE8-CDDBE47EBD17"><efrbr-concept:termForTheConcept>
            Decision making
         </efrbr-concept:termForTheConcept></efrbr-concept:concept></efrbr:entities><efrbr:relationships><efrbr-structure:structureRelations><efrbr-structure:realizedThrough sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="expression" targetURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08"/></efrbr-structure:structureRelations><efrbr-responsible:responsibleRelations><efrbr-responsible:createdBy sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="person" targetURI="0B96E9C5-FACF-422D-AD54-AA85EFDEF86F"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="person" targetURI="0B96E9C5-FACF-422D-AD54-AA85EFDEF86F" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="person" targetURI="http://users.isc.tuc.gr/~gchalkiadakis" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="person" targetURI="1C5D69D0-AC62-4D94-ABAA-755E934AEE98" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="person" targetURI="4CE2B936-0245-40F3-9D81-4FB3F1550B13" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="person" targetURI="13E766F3-72E6-472E-9286-F535B8A7D7AC" role="publisher"/></efrbr-responsible:responsibleRelations><efrbr-subject:subjectRelations><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="concept" 
targetURI="809A59B9-950F-4E0B-91E3-A40927114C66"/><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="concept" targetURI="82F2CFF5-5D02-4796-AC7D-BE75B732EF54"/><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="concept" targetURI="53947C54-2876-4FA5-9588-2DBDA5A9FF39"/><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08" targetEntity="concept" targetURI="FE161A58-C4E3-4817-ADE8-CDDBE47EBD17"/></efrbr-subject:subjectRelations><efrbr-other:otherRelations/></efrbr:relationships></efrbr:recordSet>