Agent-based trace learning in a recommendation-verification system for cybersecurity

William Casey, Evan Wright, Jose Andre Morales, Michael Appel, Jeff Gennari, Bud Mishra

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Agents in a social-technological network can be thought of as strategically interacting with each other by continually observing their own local or hyperlocal information and communicating suitable signals to the receivers who can take appropriate actions. Such interactions have been modeled as information-asymmetric signaling games and studied in our earlier work to understand the role of deception, which often results in general loss of cybersecurity. While there have been attempts to model and check such a body of agents for various global properties and hyperproperties, it has become clear that various theoretical obstacles against this approach are unsurmountable. We instead advocate an approach to dynamically check various liveness and safety hyperproperties with the help of recommenders and verifiers; we focus on empirical studies of the resulting signaling games to understand their equilibria and stability. Agents in such a proposed system may mutate, publish, and recommend strategies and verify properties, for instance, by using statistical inference, machine learning, and model checking with models derived from the past behavior of the system. For the sake of concreteness, we focus on a well-studied problem of detecting a malicious code family using statistical learning on trace features and show how such a machine learner-in this study a classifier for Zeus/Zbot-can be rendered as a property, and then be deployed on endpoint devices with trace monitors. The results of this paper, in combination with our earlier work, indicate the feasibility and way forward for a recommendation-verification system to achieve a novel defense mechanism in a social-technological network in the era of ubiquitous computing.

Original languageEnglish (US)
Title of host publicationProceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages135-143
Number of pages9
ISBN (Electronic)9781479973293
DOIs
StatePublished - Dec 29 2014
Event9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014 - Fajardo, Puerto Rico
Duration: Oct 28 2014Oct 30 2014

Publication series

NameProceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014

Other

Other9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
CountryPuerto Rico
CityFajardo
Period10/28/1410/30/14

ASJC Scopus subject areas

  • Artificial Intelligence
  • Visual Arts and Performing Arts

Fingerprint Dive into the research topics of 'Agent-based trace learning in a recommendation-verification system for cybersecurity'. Together they form a unique fingerprint.

Cite this