Abstract

Anti-malware tools remain the primary line of defense against malicious software. There is a wide variety of commercial anti-malware tools in the IT security market. However, no single tool is able to provide full protection against the overwhelming number of daily released malware. Hence, collaboration among malware detection tools is of paramount importance. In this paper, we propose MACoMal, a multi-agent-based decision mechanism, which assists heterogeneous anti-malware tools to collaborate with each other in order to reach a consensual decision about the maliciousness of a suspicious file. MACoMal consists of two main elements: (1) an executable file identification model, and (2) a collaborative decision-making scheme. MACoMal is analyzed with respect to network connectivity and global decision correctness. By leveraging a multi-agent simulation tool and a set of real malware samples, we present a simulation methodology to assess its effectiveness and efficiency. Experimental results show that MACoMal is able to immunize a network against a malware threat within a time that ranges from a few seconds to a few minutes after the threat detection.

Highlights

  • The term Malware refers to a group of software designed to penetrate or damage a computer system without the owner’s knowledge [1]

  • We propose MACoMal, a collaborative and fully-distributed decision-making mechanism for enhancing the detection accuracy of anti-malware tools deployed on a network

  • Collaborative decision-making scheme, network topology model: we model the network of the collaborative community as a weighted directed graph G = (V, E, ω), where V is the set of agents and E the set of links. ω : E → R is a function that maps each link (i, j) to a real value, the round-trip time from i to j, denoted RTT_ij, defined as the time it takes for a network request to go from node i to node j and back again to node i
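
As an added example (not the paper's code), the network topology model from the highlight above in Python: a weighted directed graph with RTT_ij link weights, a strong-connectivity check, and the earliest time a detection raised at one agent can reach every other agent, which is what bounds the immunization time the abstract reports. The agents, the RTT values and the assumption that forwarding an alert one hop costs one RTT are constructed for illustration.

```python
import heapq

# Constructed sample community (not from the paper): agents A..D and RTT_ij in
# milliseconds per directed link (i, j). Note that C -> D exists but D -> C does not.
RTT_MS = {
    ("A", "B"): 20.0, ("B", "A"): 20.0,
    ("B", "C"): 35.0, ("C", "B"): 35.0,
    ("A", "D"): 50.0, ("D", "A"): 50.0,
    ("C", "D"): 15.0,
}

def build_graph(rtt):
    """G = (V, E, omega) as an adjacency map: V from link endpoints, E the link
    keys, omega(i, j) the RTT attached to each link."""
    adj = {}
    for (i, j), w in rtt.items():
        adj.setdefault(i, {})[j] = w
        adj.setdefault(j, {})
    return adj

def earliest_arrival(adj, src):
    """Dijkstra over omega: earliest time an alert raised at `src` reaches each
    agent. Assumption (ours, not the paper's): one hop costs one RTT, i.e. the
    request plus its acknowledgement. Unreachable agents get inf."""
    dist = {v: float("inf") for v in adj}
    dist[src] = 0.0
    heap = [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, w in adj[u].items():
            if d + w < dist[v]:
                dist[v] = d + w
                heapq.heappush(heap, (dist[v], v))
    return dist

def is_strongly_connected(adj):
    """Every agent can reach every other over directed links: a precondition
    for one agent's verdict to reach the whole community."""
    return all(d != float("inf")
               for s in adj for d in earliest_arrival(adj, s).values())

def immunization_time(adj, detector):
    """Time (ms) until the last agent has learned of the threat detected at
    `detector`; inf means some agent would stay unprotected."""
    return max(earliest_arrival(adj, detector).values())
```

Because links are directed, removing a single link (for instance D -> A) can leave the graph reachable from most agents yet make a detection at D unable to immunize anyone, which the connectivity check exposes before any consensus is attempted.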


Summary

Introduction

The term Malware refers to a group of software designed to penetrate or damage a computer system without the owner’s knowledge [1]. In order to defend against this overwhelming threat, a wide variety of anti-malware tools are provided by IT security vendors. No single tool can provide full protection against malware threats [8]–[11]. This is mainly due to the following challenges: 1) The average time required for an anti-malware tool to detect new threats (zero-day malware) can range from a few hours to several weeks [8]–[10], during which the system remains vulnerable to the overwhelming number of malware released every day.

An agent can be defined as a physical or virtual entity that can act, perceive its environment (in a partial way) and communicate with others.

M. Belaoued et al.: MACoMal: Multi-Agent Based Collaborative Mechanism for Anti-Malware Assistance. TABLE 2.
