A Monte Carlo Tree Search Approach to Active Malware Analysis

Abstract

Active Malware Analysis (AMA) focuses on acquiring knowledge about dangerous software by executing actions that trigger a response in the malware. A key problem for AMA is to design strategies that select the most informative actions for the analysis. To devise such actions, we model AMA as a stochastic game between an analyzer agent and a malware sample, and we propose a reinforcement learning algorithm based on Monte Carlo Tree Search. Crucially, our approach does not require a pre-specified malware model; in contrast to most existing analysis techniques, we generate such a model while interacting with the malware. We evaluate our solution using clustering techniques on models generated by analyzing real malware samples. Results show that our approach learns faster than existing techniques even without any prior information on the samples.
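The following is an added toy illustration of the analyzer/malware interaction loop the abstract describes; it is not the paper's algorithm and not code from the authors. It assumes a constructed malware stand-in (`ToyMalware`, a small finite automaton whose replies to triggers depend on hidden state), an analyzer whose state is simply the last observed reply, and a novelty reward (hitting a (state, action) pair the learned model has never seen) as a stand-in for "most informative action". A UCT-style tree search plans over the model learned so far, the chosen trigger is sent to the sample, and the observed reply is recorded back into the model, so the behavioural model is built while interacting rather than specified in advance.

```python
"""Toy active-malware-analysis loop: UCT planning over a model learned from
the sample's replies. Added illustration, NOT Sartea & Farinelli's method."""
import math
import random
from collections import defaultdict

# Hypothetical analyzer triggers (the "actions" sent to the sample).
ACTIONS = ("connect_c2", "open_file", "advance_clock", "mount_usb")


class ToyMalware:
    """Constructed stand-in for a sample: a finite automaton whose reply to a
    trigger depends on its internal state, which the analyzer cannot see."""
    TRANSITIONS = {  # (state, action): (next_state, observed_reply)
        ("idle", "connect_c2"): ("online", "dns_lookup"),
        ("idle", "open_file"): ("idle", "no_op"),
        ("idle", "advance_clock"): ("idle", "no_op"),
        ("idle", "mount_usb"): ("spreading", "write_autorun"),
        ("online", "connect_c2"): ("online", "beacon"),
        ("online", "open_file"): ("online", "exfil_file"),
        ("online", "advance_clock"): ("idle", "sleep"),
        ("online", "mount_usb"): ("spreading", "write_autorun"),
        ("spreading", "connect_c2"): ("online", "dns_lookup"),
        ("spreading", "open_file"): ("spreading", "infect_file"),
        ("spreading", "advance_clock"): ("idle", "sleep"),
        ("spreading", "mount_usb"): ("spreading", "write_autorun"),
    }

    def __init__(self):
        self.state = "idle"

    def respond(self, action):
        self.state, reply = self.TRANSITIONS[(self.state, action)]
        return reply


class Analyzer:
    """Builds a (last_reply, action) -> reply model and plans with UCT."""

    def __init__(self, actions, n_sim=300, depth=5, gamma=0.9, seed=0):
        self.actions, self.n_sim, self.depth, self.gamma = actions, n_sim, depth, gamma
        self.c = math.sqrt(2)                   # UCB exploration constant
        self.rng = random.Random(seed)
        self.model = defaultdict(lambda: defaultdict(int))  # learned counts

    def record(self, state, action, reply):
        self.model[(state, action)][reply] += 1

    def known_triples(self):
        return sum(len(v) for v in self.model.values())

    def _simulate_step(self, state, action):
        """Sample the next analyzer state from the learned model. A pair the
        model has never seen is the informative one: reward 1, stop rollout."""
        outcomes = self.model.get((state, action))
        if not outcomes:
            return None, 1.0, True
        replies = list(outcomes)
        nxt = self.rng.choices(replies, [outcomes[r] for r in replies])[0]
        return nxt, 0.0, False

    def _search(self, state, hist, N, Q, d):
        """One UCT simulation; tree nodes are keyed by action history."""
        if d >= self.depth:
            return 0.0
        n_node = N[hist]
        untried = [a for a in self.actions if n_node[a] == 0]
        if untried:
            a = self.rng.choice(untried)
        else:
            total = sum(n_node.values())
            a = max(self.actions, key=lambda x: Q[hist][x] / n_node[x]
                    + self.c * math.sqrt(math.log(total) / n_node[x]))
        nxt, r, terminal = self._simulate_step(state, a)
        ret = r if terminal else r + self.gamma * self._search(nxt, hist + (a,), N, Q, d + 1)
        n_node[a] += 1
        Q[hist][a] += ret
        return ret

    def plan(self, root_state):
        N = defaultdict(lambda: defaultdict(int))    # visit counts
        Q = defaultdict(lambda: defaultdict(float))  # summed returns
        for _ in range(self.n_sim):
            self._search(root_state, (), N, Q, 0)
        return max(self.actions, key=lambda a: N[()][a])  # most-visited root action


def run_analysis(n_steps=400, seed=0):
    """Interact with the sample for n_steps, learning the model on the fly."""
    malware, analyzer, state, trace = ToyMalware(), Analyzer(ACTIONS, seed=seed), "start", []
    for _ in range(n_steps):
        action = analyzer.plan(state)
        reply = malware.respond(action)
        analyzer.record(state, action, reply)
        trace.append((state, action, reply))
        state = reply                                # analyzer state = last reply
    return analyzer, trace


if __name__ == "__main__":
    an, tr = run_analysis()
    print("distinct (state, action, reply) triples learned:", an.known_triples())
```

In this toy the last reply happens to identify the sample's hidden state, so the learned one-step model is deterministic and the analyzer exhausts all 29 reachable (state, action) pairs (4 from each of the 7 reply-states plus the single first move) well within the 400-step budget; with a real sample the model is stochastic and the reward would be a proper information measure rather than plain novelty.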

Cite

Text

Sartea and Farinelli. "A Monte Carlo Tree Search Approach to Active Malware Analysis." International Joint Conference on Artificial Intelligence, 2017. doi:10.24963/IJCAI.2017/535

Markdown

[Sartea and Farinelli. "A Monte Carlo Tree Search Approach to Active Malware Analysis." International Joint Conference on Artificial Intelligence, 2017.](https://mlanthology.org/ijcai/2017/sartea2017ijcai-monte/) doi:10.24963/IJCAI.2017/535

BibTeX

@inproceedings{sartea2017ijcai-monte,
  title     = {{A Monte Carlo Tree Search Approach to Active Malware Analysis}},
  author    = {Sartea, Riccardo and Farinelli, Alessandro},
  booktitle = {International Joint Conference on Artificial Intelligence},
  year      = {2017},
  pages     = {3831-3837},
  doi       = {10.24963/IJCAI.2017/535},
  url       = {https://mlanthology.org/ijcai/2017/sartea2017ijcai-monte/}
}