Institutional Repository
Technical University of Crete
Technical University of Crete
EN
|
EL
| URI: | http://purl.tuc.gr/dl/dias/C261F0BB-A07D-45B8-8B7F-7DFD52339A08 | ||
| Year | 2020 | ||
| Type of Item | Conference Full Paper | ||
| License |
|
||
| Bibliographic Citation | R. Sartea, G. Chalkiadakis, A. Farinelli, and M. Murari, “Bayesian active malware analysis,” In Proc. of the 19th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2020), vol 2020, B. An, N. Yorke-Smith, A. El Fallah Seghrouchni, G. Sukthankar, Eds., USA: IFAAMAS, 2020, pp. 1206 - 1214. | ||
| Appears in Collections |
We propose a novel technique for Active Malware Analysis (AMA) formalized as a Bayesian game between an analyzer agent and a malware agent, focusing on the decision making strategy for the analyzer. In our model, the analyzer performs an action on the system to trigger the malware into showing a malicious behavior, i.e., by activating its payload. The formalization is built upon the link between malware families and the notion of types in Bayesian games. A key point is the design of the utility function, which reflects the amount of uncertainty on the type of the adversary after the execution of an analyzer action. This allows us to devise an algorithm to play the game with the aim of minimizing the entropy of the analyzer’s belief at every stage of the game in a myopic fashion. Empirical evaluation indicates that our approach results in a significant improvement both in terms of learning speed and classification score when compared to other state-of-the-art AMA techniques.
Copyright © DIAS 2013
