A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention

Theodoros Spyridopoulos*, Konstantinos Maraslis, Alexios Mylonas, Theo Tryfonas, George Oikonomou

*Corresponding author for this work

Research output: Contribution to journalArticle (Academic Journal)peer-review

7 Citations (Scopus)

Abstract

Literature in malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and use probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.

Original languageEnglish
Pages (from-to)164-176
Number of pages13
JournalInformation Security Journal
Volume24
Issue number4-6
DOIs
Publication statusPublished - 31 Dec 2015

Keywords

  • Epidemiology
  • Game theory
  • Malware proliferation
  • Network security
  • SIR
  • SIS

Fingerprint

Dive into the research topics of 'A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention'. Together they form a unique fingerprint.

Cite this