Decentralized virus scanner
A game of war for decentralized threat detection:
- One side plays the attacker
- The other side plays defence
- The field is a virtual machine
- The ombudsman is software that monitors the VM's health
- The ombudsman is concerned with what has happened to the VM:
  - Are key system files damaged?
  - Have files been locked / encrypted by malware?
  - Are certain network resources hijacked?
- Attackers submit vectors to disrupt the VM
- Defenders submit vectors to protect the VM
- False positive and negative problem: design the ombudsman to accept random nonce values that impact the tests, i.e. measure performance at date stamp X rather than at a fixed date each time.
- Statistical validity becomes more apparent over time.
- The reward function is as yet unknown, but it could be a dividend system based on stopping or evading vectors – I find the potential here fascinating
- I should note because the ombudsman can observe the...
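
The nonce idea from the list above, sketched as an added example (not code from the original post): the ombudsman derives its check time and the files it samples from a random nonce, so neither side can tune a vector to one fixed test. The function names, the entropy threshold of 7.0 bits per byte and the sample VM state are all assumptions made for illustration.

```python
import hashlib, hmac, math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; near 8.0 suggests encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def derive_plan(nonce: bytes, paths, window_s=3600, sample=2):
    """Map a nonce to (seconds offset into the run, files to check)."""
    seed = hashlib.sha256(b"ombudsman-plan" + nonce).digest()
    offset = int.from_bytes(seed[:4], "big") % window_s
    # Rank paths by a keyed hash so the chosen subset depends on the nonce.
    ranked = sorted(paths, key=lambda p: hmac.new(seed, p.encode(), hashlib.sha256).digest())
    return offset, tuple(ranked[:sample])

def inspect_vm(baseline, snapshot, paths, enc_threshold=7.0):
    """Compare sampled files against baseline hashes and classify the damage."""
    findings = {}
    for p in paths:
        data = snapshot.get(p)
        if data is None:
            findings[p] = "missing"
        elif hashlib.sha256(data).hexdigest() != baseline[p]:
            findings[p] = "encrypted?" if entropy(data) > enc_threshold else "modified"
    return findings

# Constructed sample state: a clean VM and the same VM after a test run.
CLEAN = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
         "/etc/hosts": b"127.0.0.1 localhost\n",
         "/home/u/doc.txt": b"quarterly report draft\n"}
BASELINE = {p: hashlib.sha256(d).hexdigest() for p, d in CLEAN.items()}
AFTER = dict(CLEAN)
AFTER["/etc/hosts"] = b"127.0.0.1 localhost\n10.0.0.5 updates.example\n"  # redirected name
AFTER["/home/u/doc.txt"] = bytes(range(256)) * 4  # stand-in for ciphertext

if __name__ == "__main__":
    for nonce in (b"round-1", b"round-2", b"round-3"):
        offset, files = derive_plan(nonce, CLEAN)
        print(nonce, offset, inspect_vm(BASELINE, AFTER, files))
```

Scoring many rounds under different nonces is what lets the statistics accumulate: one round samples only part of the VM, but a vector that passes or fails consistently across rounds cannot owe that to a single fixed test.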