Agent-based trace learning in a recommendation-verification system for cybersecurity

William Casey, Evan Wright, Jose Andre Morales, Michael Appel, Jeff Gennari, Bhubaneswar Mishra

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Agents in a social-technological network can be thought of as strategically interacting with each other by continually observing their own local or hyperlocal information and communicating suitable signals to the receivers who can take appropriate actions. Such interactions have been modeled as information-asymmetric signaling games and studied in our earlier work to understand the role of deception, which often results in general loss of cybersecurity. While there have been attempts to model and check such a body of agents for various global properties and hyperproperties, it has become clear that various theoretical obstacles against this approach are unsurmountable. We instead advocate an approach to dynamically check various liveness and safety hyperproperties with the help of recommenders and verifiers; we focus on empirical studies of the resulting signaling games to understand their equilibria and stability. Agents in such a proposed system may mutate, publish, and recommend strategies and verify properties, for instance, by using statistical inference, machine learning, and model checking with models derived from the past behavior of the system. For the sake of concreteness, we focus on a well-studied problem of detecting a malicious code family using statistical learning on trace features and show how such a machine learner, in this study a classifier for Zeus/Zbot, can be rendered as a property, and then be deployed on endpoint devices with trace monitors. The results of this paper, in combination with our earlier work, indicate the feasibility and way forward for a recommendation-verification system to achieve a novel defense mechanism in a social-technological network in the era of ubiquitous computing.

Original language: English (US)
Title of host publication: Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 135-143
Number of pages: 9
ISBN (Print): 9781479973293
DOIs: https://doi.org/10.1109/MALWARE.2014.6999404
State: Published - Dec 29 2014
Event: 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014 - Fajardo, Puerto Rico
Duration: Oct 28 2014 to Oct 30 2014

Other

Other: 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
Country: Puerto Rico
City: Fajardo
Period: 10/28/14 to 10/30/14

Fingerprint

Ubiquitous computing
Model checking
Learning systems
Classifiers
Empirical Study
Deception
Machine Learning
Interaction
Model Checking
Classifier
Liveness
Monitor
Safety
Ubiquitous Computing
Concreteness
Statistical Learning
Statistical Inference

ASJC Scopus subject areas

  • Artificial Intelligence
  • Visual Arts and Performing Arts

Cite this

Casey, W., Wright, E., Morales, J. A., Appel, M., Gennari, J., & Mishra, B. (2014). Agent-based trace learning in a recommendation-verification system for cybersecurity. In Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014 (pp. 135-143). [6999404] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/MALWARE.2014.6999404

@inproceedings{6f88efea27774eadb61b4e96d3845034,
title = "Agent-based trace learning in a recommendation-verification system for cybersecurity",
author = "William Casey and Evan Wright and Morales, {Jose Andre} and Michael Appel and Jeff Gennari and Bhubaneswar Mishra",
year = "2014",
month = "12",
day = "29",
doi = "10.1109/MALWARE.2014.6999404",
language = "English (US)",
isbn = "9781479973293",
pages = "135--143",
booktitle = "Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN
T1 - Agent-based trace learning in a recommendation-verification system for cybersecurity
AU - Casey, William
AU - Wright, Evan
AU - Morales, Jose Andre
AU - Appel, Michael
AU - Gennari, Jeff
AU - Mishra, Bhubaneswar
PY - 2014/12/29
Y1 - 2014/12/29
UR - http://www.scopus.com/inward/record.url?scp=84922547032&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84922547032&partnerID=8YFLogxK
U2 - 10.1109/MALWARE.2014.6999404
DO - 10.1109/MALWARE.2014.6999404
M3 - Conference contribution
AN - SCOPUS:84922547032
SN - 9781479973293
SP - 135
EP - 143
BT - Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
PB - Institute of Electrical and Electronics Engineers Inc.
ER -