TY - GEN
T1 - Agent-based trace learning in a recommendation-verification system for cybersecurity
AU - Casey, William
AU - Wright, Evan
AU - Morales, Jose Andre
AU - Appel, Michael
AU - Gennari, Jeff
AU - Mishra, Bud
N1 - Publisher Copyright: © 2014 IEEE.
PY - 2014/12/29
Y1 - 2014/12/29
AB - Agents in a social-technological network can be thought of as strategically interacting with each other by continually observing their own local or hyperlocal information and communicating suitable signals to the receivers who can take appropriate actions. Such interactions have been modeled as information-asymmetric signaling games and studied in our earlier work to understand the role of deception, which often results in general loss of cybersecurity. While there have been attempts to model and check such a body of agents for various global properties and hyperproperties, it has become clear that various theoretical obstacles against this approach are unsurmountable. We instead advocate an approach to dynamically check various liveness and safety hyperproperties with the help of recommenders and verifiers; we focus on empirical studies of the resulting signaling games to understand their equilibria and stability. Agents in such a proposed system may mutate, publish, and recommend strategies and verify properties, for instance, by using statistical inference, machine learning, and model checking with models derived from the past behavior of the system. For the sake of concreteness, we focus on a well-studied problem of detecting a malicious code family using statistical learning on trace features and show how such a machine learner (in this study, a classifier for Zeus/Zbot) can be rendered as a property, and then be deployed on endpoint devices with trace monitors. The results of this paper, in combination with our earlier work, indicate the feasibility and way forward for a recommendation-verification system to achieve a novel defense mechanism in a social-technological network in the era of ubiquitous computing.
UR - http://www.scopus.com/inward/record.url?scp=84922547032&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84922547032&partnerID=8YFLogxK
U2 - 10.1109/MALWARE.2014.6999404
DO - 10.1109/MALWARE.2014.6999404
M3 - Conference contribution
AN - SCOPUS:84922547032
T3 - Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
SP - 135
EP - 143
BT - Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
Y2 - 28 October 2014 through 30 October 2014
ER -