A game theoretical method for cost-benefit analysis of malware dissemination prevention. Information Security Journal: A Global Perspective, 24 (4-6). pp. 164-176. ISSN 1939-3555 Disclaimer UWE has obtained warranties from all depositors as to their title in the material deposited and as to their right to deposit such material. UWE makes no representation or warranties of commercial utility, title, or fitness for a particular purpose or any other warranty, express or implied in respect of any material deposited.UWE makes no representation that the use of the materials will not infringe any patent, copyright, trademark or other property or proprietary rights.UWE accepts no liability for any infringement of intellectual property rights in any material deposited but will remove such material from public view pending investigation in the event of an allegation of any such infringement. Abstract Literature in malware proliferation focuses on modelling and analysing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used in the past against this threat to analyse the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models SIR and SIS, which incorporates the ability to capture the relationships between nodes within a network, along with their effect on malware dissemination process. Drawing upon a model that illustrates the network's behaviour based on the attacker's and the defender's choices, we use game theory to compute optimal strategies for the defender to minimise the effect of malware spread, minimising at the same time the security cost. We consider three defence mechanisms, "patch", "removal", and "patch and removal", which correspond to the defender's strategy, used probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.
PLEASE SCROLL DOWN FOR TEXT.
A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention