Large software platforms (e.g., mobile app stores, social media, email service providers) must ensure that files on their platform do not contain malicious code. Platform hosts use security tools to analyze those files for potential malware. However, given the expensive runtimes of tools coupled with the large number of exchanged files, platforms are not able to run all tools on every incoming file. Moreover, malicious parties look to find gaps in the coverage of the analysis tools, and exchange files containing malware that exploits these vulnerabilities. To address this problem, we present a novel approach that models the relationship between malicious parties and the security analyst as a leader-follower Stackelberg security game. To estimate the parameters of our model, we have combined the information from the VirusTotal dataset with the more detailed reports from the National Vulnerability Database. Compared to a set of natural baselines, we show that our model computes an optimal randomization over sets of available security analysis tools.
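As an added illustration of the leader-follower structure described above (this is not the paper's code or its parameter estimates), the following toy zero-sum version of the game lets the platform commit to a randomized choice of tool subsets that fit a runtime budget, after which the attacker submits the malware class that the committed mix detects worst. The tool names, costs, detection rates and budget are constructed, tool misses are assumed independent, and the optimal commitment is found with multiplicative weights against a best-responding follower rather than with the paper's own solver.

```python
from itertools import combinations
from math import exp, log, sqrt
# tool -> (runtime cost, {malware class: detection probability}); constructed toy values
TOOLS = {
    "static":  (2, {"packer": 0.90, "dropper": 0.10}),
    "sandbox": (2, {"packer": 0.10, "dropper": 0.90}),
    "yara":    (1, {"packer": 0.30, "dropper": 0.30}),
}
MALWARE = ("packer", "dropper")

def feasible_subsets(tools, budget):
    """Defender pure strategies: tool subsets whose summed runtime fits the budget."""
    names = sorted(tools)
    return [s for r in range(len(names) + 1) for s in combinations(names, r)
            if sum(tools[t][0] for t in s) <= budget]

def detect_prob(subset, malware, tools=TOOLS):
    """P(at least one tool flags the sample), assuming tools miss independently."""
    miss = 1.0
    for t in subset:
        miss *= 1.0 - tools[t][1][malware]
    return 1.0 - miss

def attacker_best_response(mix, subsets):
    """Follower picks the malware class with the lowest expected detection."""
    expected = {m: sum(p * detect_prob(s, m) for p, s in zip(mix, subsets))
                for m in MALWARE}
    worst = min(expected, key=expected.get)
    return worst, expected[worst]

def solve_stackelberg(tools=TOOLS, budget=3, rounds=4000):
    """Leader runs Hedge (multiplicative weights) against a best-responding follower;
    the round-averaged mix converges to the optimal commitment of this zero-sum game."""
    subsets = feasible_subsets(tools, budget)
    eta = sqrt(8 * log(len(subsets)) / rounds)
    weights = [1.0] * len(subsets)
    avg = [0.0] * len(subsets)
    for _ in range(rounds):
        mix = [w / sum(weights) for w in weights]
        avg = [a + p / rounds for a, p in zip(avg, mix)]
        target, _ = attacker_best_response(mix, subsets)
        # reward each subset by how well it catches the class the attacker just chose
        weights = [w * exp(eta * detect_prob(s, target)) for w, s in zip(weights, subsets)]
    _, value = attacker_best_response(avg, subsets)
    return dict(zip(subsets, avg)), value

def best_pure_value(tools=TOOLS, budget=3):
    """Guaranteed detection of the best deterministic schedule, for comparison."""
    return max(min(detect_prob(s, m) for m in MALWARE) for s in feasible_subsets(tools, budget))
```

With these numbers the best fixed schedule guarantees only 0.37 detection against the worst-case class, while the randomized commitment secures 0.65 by splitting evenly between the two two-tool subsets.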