Modeling and Analysis of competition between malware authors and security analysts, using game theory

Modeling tools describe the real world complex problems well and might help analysts to explore constructive solutions for resolving the problems. In this paper, competition between malware authors and security analysts is modeled and analyzed, using Graph Model for Conflict Resolution which is a comprehensive methodology in a non-quantitative non-cooperative perspective of game theory. This methodology has two main steps: Modeling and Analysis. After removing infeasible combinations, 15 states which are possible to occur in reality, are studied in the modeling phase. Then, the ordinal preferences of the players over the states are represented. Various solution concepts are employed in this research for stability definition. Stability analysis shows that two states are predicted to be equilibria. The predicted outcomes indicate that malware authors employ environment diagnostics and security analysts use system event monitoring along with global system state anomaly detection. Recent evidences are in conformity with the finding of this research.