We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:

References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Game-Theoretic Malware Detection

Abstract: Malware attacks are costly. To mitigate against such attacks, organizations deploy malware detection tools that help them detect and eventually resolve those threats. While running only the best available tool does not provide enough coverage of the potential attacks, running all available tools is prohibitively expensive in terms of financial cost and computing resources. Therefore, an organization typically runs a set of tools that maximizes their coverage given a limited budget. However, how should an organization choose that set? Attackers are strategic, and will change their behavior to preferentially exploit the gaps left by a deterministic choice of tools. To avoid leaving such easily-exploited gaps, the defender must choose a random set.
In this paper, we present an approach to compute an optimal randomization over size-bounded sets of available security analysis tools by modeling the relationship between attackers and security analysts as a leader-follower Stackelberg security game. We estimate the parameters of our model by combining the information from the VirusTotal dataset with the more detailed reports from the National Vulnerability Database. In an empirical comparison, our approach outperforms a set of natural baselines under a wide range of assumptions.
Subjects: Cryptography and Security (cs.CR); Computer Science and Game Theory (cs.GT)
Cite as: arXiv:2012.00817 [cs.CR]
  (or arXiv:2012.00817v2 [cs.CR] for this version)

Submission history

From: Revan MacQueen [view email]
[v1] Tue, 1 Dec 2020 20:37:31 GMT (767kb,D)
[v2] Fri, 7 Jan 2022 17:23:19 GMT (1622kb,D)

Link back to: arXiv, form interface, contact.