
Author name cluster

Matteo Murari

Possible papers associated with this exact author name in Arrow. This page groups case-insensitive exact name matches and is not a full identity disambiguation profile.

3 papers
2 author rows

Possible papers

EUMAS Conference 2020 Conference Paper

A Game of Double Agents: Repeated Stackelberg Games with Role Switch

  • Matteo Murari
  • Alessandro Farinelli
  • Riccardo Sartea

We introduce a novel variation of the widely used 2-player Stackelberg game formalism. In our variation, a master player can decide to act as a leader or as a follower across the iterations of the game. This model naturally arises in many real-world applications and particularly in cyber-security scenarios, where an analyzer agent can arbitrarily decide which role to play in each iteration. We propose a first solution approach for this model assuming bounded rationality for the players and adopting a Monte Carlo Tree Search approach to devise the analyzer’s strategy. We empirically show the effectiveness of our method in two experimental domains, i.e., synthetic game instances (using randomly generated games) and malware analysis (using real malware samples).

EAAI Journal 2020 Journal Article

SECUR-AMA: Active Malware Analysis Based on Monte Carlo Tree Search for Android Systems

  • Riccardo Sartea
  • Alessandro Farinelli
  • Matteo Murari

We propose SECUR-AMA, an Active Malware Analysis (AMA) framework for Android. AMA is a technique that aims at acquiring knowledge about target applications by executing actions on the system that trigger responses from the targets. The main strength of this approach is the capability of extracting behaviors that would otherwise remain invisible. A key difference from other analysis techniques is that the triggering actions are not selected randomly or sequentially, but following strategies that aim at maximizing the information acquired about the behavior of the target application. Specifically, we design SECUR-AMA as a framework implementing a stochastic game between two agents: an analyzer and a target application. The strategy of the analyzer consists of a reinforcement learning algorithm based on Monte Carlo Tree Search (MCTS) to efficiently search the state and action spaces, taking into account previous interactions in order to obtain more information on the target. The target model instead is created online while playing the game, using the information acquired so far by the analyzer and using it to guide the remainder of the analysis in an iterative process. We conduct an extensive evaluation of SECUR-AMA analyzing about 1200 real Android malware divided into 24 families (classes) from a publicly available dataset, and we compare our approach with multiple state-of-the-art techniques of different types, including passive and active approaches. Results show that SECUR-AMA creates more informative models that make it possible to reach better classification results for most of the malware families in our dataset.

AAMAS Conference 2019 Conference Paper

Agent Behavioral Analysis Based on Absorbing Markov Chains

  • Riccardo Sartea
  • Alessandro Farinelli
  • Matteo Murari

We propose a novel technique to identify known behaviors of intelligent agents acting within uncertain environments. We employ Markov chains to represent the observed behavioral models of the agents and we formulate the problem as a classification task. In particular, we propose to use the long-term transition probability values of moving between states of the Markov chain as features. Additionally, we transform our models into absorbing Markov chains, enabling the use of standard techniques to compute such features. The empirical evaluation considers two scenarios: the identification of given strategies in classical games, and the detection of malicious behaviors in malware analysis. Results show that our approach can provide informative features to successfully identify known behavioral patterns. In more detail, we show that focusing on the long-term transition probability makes it possible to diminish the error introduced by noisy states and transitions that may be present in an observed behavioral model. We pay particular attention to the case of noise that may be intentionally introduced by a target agent to deceive an observer agent.