TY - GEN
T1 - Anti-Malware Sandbox Games
AU - Sikdar, Sujoy
AU - Ruan, Sikai
AU - Han, Qishen
AU - Pitimanaaree, Paween
AU - Blackthorne, Jeremy
AU - Yener, Bulent
AU - Xia, Lirong
N1 - Publisher Copyright: © 2022 International Foundation for Autonomous Agents and Multiagent Systems (www.ifaamas.org). All rights reserved
PY - 2022
Y1 - 2022
N2 - We develop a game theoretic model of malware protection using the state-of-the-art sandbox method, to characterize and compute optimal defense strategies for anti-malware. We model the strategic interaction between developers of malware (M) and anti-malware (AM) as a two player game, where AM commits to a strategy of generating sandbox environments, and M responds by choosing to either attack or hide malicious activity based on the environment it senses. We characterize the condition for AM to protect all its machines, and identify conditions under which an optimal AM strategy can be computed efficiently. For other cases, we provide a quadratically constrained quadratic program (QCQP)-based optimization framework to compute the optimal AM strategy. In addition, we identify a natural and easy to compute strategy for AM, which as we show empirically, achieves AM utility that is close to the optimal AM utility, in equilibrium.
AB - We develop a game theoretic model of malware protection using the state-of-the-art sandbox method, to characterize and compute optimal defense strategies for anti-malware. We model the strategic interaction between developers of malware (M) and anti-malware (AM) as a two player game, where AM commits to a strategy of generating sandbox environments, and M responds by choosing to either attack or hide malicious activity based on the environment it senses. We characterize the condition for AM to protect all its machines, and identify conditions under which an optimal AM strategy can be computed efficiently. For other cases, we provide a quadratically constrained quadratic program (QCQP)-based optimization framework to compute the optimal AM strategy. In addition, we identify a natural and easy to compute strategy for AM, which as we show empirically, achieves AM utility that is close to the optimal AM utility, in equilibrium.
KW - Anti-malware
KW - Non-cooperative game theory
KW - Sandbox
UR - https://www.scopus.com/pages/publications/85134336620
M3 - Conference contribution
T3 - Proceedings of the International Joint Conference on Autonomous Agents and Multiagent Systems, AAMAS
SP - 1201
EP - 1209
BT - International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2022
PB - International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)
T2 - 21st International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2022
Y2 - 9 May 2022 through 13 May 2022
ER -