Analysis of attack-defense game for advanced malware propagation control in cloud

IF 4.5 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Communications Pub Date : 2025-03-26 DOI:10.1016/j.comcom.2025.108148

Liang Tian , Chenquan Gan , Jiabin Lin , Fengjun Shang , Qingyi Zhu

{"title":"Analysis of attack-defense game for advanced malware propagation control in cloud","authors":"Liang Tian , Chenquan Gan , Jiabin Lin , Fengjun Shang , Qingyi Zhu","doi":"10.1016/j.comcom.2025.108148","DOIUrl":null,"url":null,"abstract":"<div><div>In modern society, cloud computing has emerged as an indispensable infrastructure. Nevertheless, as the cloud ecosystem grows increasingly vast and complex, a series of novel security challenges have surfaced, among which artificial intelligence (AI)-empowered advanced malware has provided network attackers with even more stealthy and potent weapons. While existing malware detection technologies can still maintain a certain level of defense against traditional security threats, the instant detection and response to these sophisticated AI-crafted threats become exceedingly difficult, consuming substantial remediation time and security resources. To address the balance between control costs and effectiveness, recognizing the intricately intertwined and dynamically interactive nature of the offensive and defensive parties, this paper introduces the framework of differential game theory, delving into the strategies for controlling the propagation of advanced malware in cloud environments. Firstly, we construct an advanced malware propagation control model targeting each virtual machine. On this basis, we define the specific categories of strategy selection for both the offensive and defensive sides, as well as their respective cost-benefit relationships, and formulate an attack-defense game problem. Subsequently, we rigorously demonstrate, from a mathematical theoretical perspective, that the optimal solution (i.e., Nash equilibrium) to the attack-defense game problem is indeed attainable, and we devise a dedicated accelerated algorithm for its solution. Finally, we conduct comparative experiments on three real-world datasets using three distinct strategies, and the analysis results show the effectiveness of our proposed method.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"237 ","pages":"Article 108148"},"PeriodicalIF":4.5000,"publicationDate":"2025-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0140366425001057","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In modern society, cloud computing has emerged as an indispensable infrastructure. Nevertheless, as the cloud ecosystem grows increasingly vast and complex, a series of novel security challenges have surfaced, among which artificial intelligence (AI)-empowered advanced malware has provided network attackers with even more stealthy and potent weapons. While existing malware detection technologies can still maintain a certain level of defense against traditional security threats, the instant detection and response to these sophisticated AI-crafted threats become exceedingly difficult, consuming substantial remediation time and security resources. To address the balance between control costs and effectiveness, recognizing the intricately intertwined and dynamically interactive nature of the offensive and defensive parties, this paper introduces the framework of differential game theory, delving into the strategies for controlling the propagation of advanced malware in cloud environments. Firstly, we construct an advanced malware propagation control model targeting each virtual machine. On this basis, we define the specific categories of strategy selection for both the offensive and defensive sides, as well as their respective cost-benefit relationships, and formulate an attack-defense game problem. Subsequently, we rigorously demonstrate, from a mathematical theoretical perspective, that the optimal solution (i.e., Nash equilibrium) to the attack-defense game problem is indeed attainable, and we devise a dedicated accelerated algorithm for its solution. Finally, we conduct comparative experiments on three real-world datasets using three distinct strategies, and the analysis results show the effectiveness of our proposed method.

查看原文本刊更多论文

云环境下高级恶意软件传播控制攻防博弈分析

在现代社会中，云计算已经成为不可或缺的基础设施。然而，随着云生态系统变得越来越庞大和复杂，一系列新的安全挑战浮出水面，其中人工智能（AI）支持的高级恶意软件为网络攻击者提供了更加隐蔽和强大的武器。虽然现有的恶意软件检测技术仍然可以对传统的安全威胁保持一定的防御水平，但对这些复杂的人工智能制造的威胁的即时检测和响应变得极其困难，消耗了大量的修复时间和安全资源。为了解决控制成本和有效性之间的平衡，认识到进攻和防御各方错综复杂和动态交互的本质，本文引入了差分博弈论框架，深入研究了控制云环境中高级恶意软件传播的策略。首先，构建了针对虚拟机的高级恶意软件传播控制模型。在此基础上，界定了攻防双方战略选择的具体类别，以及各自的成本效益关系，并提出了攻防博弈问题。随后，我们从数学理论的角度严格证明了攻防博弈问题的最优解（即纳什均衡）确实是可以实现的，并且我们设计了一个专用的加速算法来解决它。最后，我们使用三种不同的策略在三个真实数据集上进行了对比实验，分析结果表明了我们提出的方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Communications 工程技术-电信学

CiteScore

14.10

自引率

5.00%

发文量

397

审稿时长

66 days

期刊介绍： Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.