IDEAS home Printed from https://ideas.repec.org/a/wly/riskan/v40y2020i12p2598-2609.html
   My bibliography  Save this article

Protecting From Malware Obfuscation Attacks Through Adversarial Risk Analysis

Author

Listed:
  • Alberto Redondo
  • David Ríos Insua

Abstract

Malware constitutes a major global risk affecting millions of users each year. Standard algorithms in detection systems perform insufficiently when dealing with malware passed through obfuscation tools. We illustrate this studying in detail an open source metamorphic software, making use of a hybrid framework to obtain the relevant features from binaries. We then provide an improved alternative solution based on adversarial risk analysis which we illustrate describe with an example.

Suggested Citation

  • Alberto Redondo & David Ríos Insua, 2020. "Protecting From Malware Obfuscation Attacks Through Adversarial Risk Analysis," Risk Analysis, John Wiley & Sons, vol. 40(12), pages 2598-2609, December.
    • Handle: RePEc:wly:riskan:v:40:y:2020:i:12:p:2598-2609
    DOI: 10.1111/risa.13567
    as

    Download full text from publisher

    File URL: https://doi.org/10.1111/risa.13567
    Download Restriction: no
    File URL: https://libkey.io/10.1111/risa.13567?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Joseph B. Kadane & Patrick D. Larkey, 1982. "Subjective Probability and the Theory of Games," Management Science, INFORMS, vol. 28(2), pages 113-120, February.
    2. Nageswara S. V. Rao & Stephen W. Poole & Chris Y. T. Ma & Fei He & Jun Zhuang & David K. Y. Yau, 2016. "Defense of Cyber Infrastructures Against Cyber‐Physical Attacks Using Game‐Theoretic Models," Risk Analysis, John Wiley & Sons, vol. 36(4), pages 694-710, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Robert Nau, 2001. "De Finetti was Right: Probability Does Not Exist," Theory and Decision, Springer, vol. 51(2), pages 89-124, December.
    2. Vitaly Pruzhansky, 2004. "A Discussion of Maximin," Tinbergen Institute Discussion Papers 04-028/1, Tinbergen Institute.
    3. Paul Weirich, 2007. "Collective, universal, and joint rationality," Social Choice and Welfare, Springer;The Society for Social Choice and Welfare, vol. 29(4), pages 683-701, December.
    4. R. J. Aumann & J. H. Dreze, 2009. "Assessing Strategic Risk," American Economic Journal: Microeconomics, American Economic Association, vol. 1(1), pages 1-16, February.
    5. Li, Yapeng & Qiao, Shun & Deng, Ye & Wu, Jun, 2019. "Stackelberg game in critical infrastructures from a network science perspective," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 521(C), pages 705-714.
    6. Lauren Larrouy & Guilhem Lecouteux, 2017. "Mindreading and endogenous beliefs in games," Journal of Economic Methodology, Taylor & Francis Journals, vol. 24(3), pages 318-343, July.
    7. Luca Allodi & Fabio Massacci, 2017. "Security Events and Vulnerability Data for Cybersecurity Risk Estimation," Risk Analysis, John Wiley & Sons, vol. 37(8), pages 1606-1627, August.
    8. Insua, Insua Rios & Rios, Jesus & Banks, David, 2009. "Adversarial Risk Analysis," Journal of the American Statistical Association, American Statistical Association, vol. 104(486), pages 841-854.
    9. Guilhem Lecouteux, 2018. "Bayesian game theorists and non-Bayesian players," The European Journal of the History of Economic Thought, Taylor & Francis Journals, vol. 25(6), pages 1420-1454, November.
    10. William N. Caballero & Ethan Gharst & David Banks & Jeffery D. Weir, 2023. "Multipolar Security Cooperation Planning: A Multiobjective, Adversarial-Risk-Analysis Approach," Decision Analysis, INFORMS, vol. 20(1), pages 16-39, March.
    11. Velu, C. & Iyer, S., 2008. "The Rationality of Irrationality for Managers: Returns- Based Beliefs and the Traveller’s Dilemma," Cambridge Working Papers in Economics 0826, Faculty of Economics, University of Cambridge.
    12. Colin Camerer & Teck-Hua Ho & Juin Kuan Chong, 2003. "A cognitive hierarchy theory of one-shot games: Some preliminary results," Levine's Bibliography 506439000000000495, UCLA Department of Economics.
    13. R. J. Aumann & J. H. Dreze, 2005. "When All is Said and Done, How Should You Play and What Should You Expect?," Discussion Paper Series dp387, The Federmann Center for the Study of Rationality, the Hebrew University, Jerusalem.
    14. ,, 2008. "Subjective expected utility in games," Theoretical Economics, Econometric Society, vol. 3(3), September.
    15. Rode, Julian, 2007. "Truth and Trust in Communication: An Experimental Study of Behavior under Asymmetric Information," Ratio Working Papers 111, The Ratio Institute.
    16. D. J. Johnstone, 2021. "Accounting information, disclosure, and expected utility: Do investors really abhor uncertainty?," Journal of Business Finance & Accounting, Wiley Blackwell, vol. 48(1-2), pages 3-35, January.
    17. Antonio Pievatolo & Fabrizio Ruggeri & Refik Soyer & Simon Wilson, 2021. "Decisions in Risk and Reliability: An Explanatory Perspective," Stats, MDPI, vol. 4(2), pages 1-23, March.
    18. Michael Macgregor Perry & Hadi El-Amine, 2021. "Computational Efficiency in Multivariate Adversarial Risk Analysis Models," Papers 2110.12572, arXiv.org.
    19. Julia Mortera & Paola Vicard & Cecilia Vergari, 2012. "Object-Oriented Bayesian Networks for a Decision Support System," Departmental Working Papers of Economics - University 'Roma Tre' 0144, Department of Economics - University Roma Tre.
    20. David Rios Insua & David Banks & Jesus Rios, 2016. "Modeling Opponents in Adversarial Risk Analysis," Risk Analysis, John Wiley & Sons, vol. 36(4), pages 742-755, April.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:riskan:v:40:y:2020:i:12:p:2598-2609. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1111/(ISSN)1539-6924 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.