TY - JOUR
T1 - A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention
AU - Spyridopoulos, Theodoros
AU - Maraslis, Konstantinos
AU - Mylonas, Alexios
AU - Tryfonas, Theo
AU - Oikonomou, George
PY - 2015/12/31
Y1 - 2015/12/31
N2 - Literature in malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on the malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and are used probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.
AB - Literature in malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on the malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and are used probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.
KW - Epidemiology
KW - Game theory
KW - Malware proliferation
KW - Network security
KW - SIR
KW - SIS
UR - http://www.scopus.com/inward/record.url?scp=84949557572&partnerID=8YFLogxK
U2 - 10.1080/19393555.2015.1092186
DO - 10.1080/19393555.2015.1092186
M3 - Article (Academic Journal)
AN - SCOPUS:84949557572
SN - 1939-3555
VL - 24
SP - 164
EP - 176
JO - Information Security Journal
JF - Information Security Journal
IS - 4-6
ER -