# On the Convergence Rates of Learning-based Signature Generation Schemes to Contain Self-propagating Malware

**Authors:** Saeed Valizadeh, Marten van Dijk

arXiv: 1905.00154 · 2019-05-02

## TL;DR

This paper models the interaction between malware propagation and defense mechanisms that learn and generate signatures over time, demonstrating how learning rates impact containment effectiveness.

## Contribution

It introduces a new propagation model incorporating learning-based signature generation and evaluates its effectiveness through simulation and analysis.

## Key findings

- Higher learning rates improve malware containment.
- Signature-based defenses can significantly slow down malware spread.
- Simulation results confirm the importance of timely learning in defense strategies.

## Abstract

In this paper, we investigate the importance of a defense system's learning rates to fight against the self-propagating class of malware such as worms and bots. To this end, we introduce a new propagation model based on the interactions between an adversary (and its agents) who wishes to construct a zombie army of a specific size, and a defender taking advantage of standard security tools and technologies such as honeypots (HPs) and intrusion detection and prevention systems (IDPSes) in the network environment. As time goes on, the defender can incrementally learn from the collected/observed attack samples (e.g., malware payloads), and is therefore able to generate attack signatures. The generated signatures are then used for filtering subsequent attack traffic and thus containing the attacker's progress in its malware propagation mission. Using simulation and numerical analysis, we evaluate the efficacy of signature generation algorithms and, in general, any learning-based scheme in bringing an adversary's maneuvering in the environment to a halt as an adversarial containment strategy.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.00154/full.md

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/1905.00154/full.md

## References

36 references — full list in the complete paper: https://tomesphere.com/paper/1905.00154/full.md

---
Source: https://tomesphere.com/paper/1905.00154