Using Game Theory to Assess the Strength of an AV System Against Evolving Offences
Many AV scanners are heterogeneous compositions of components, with each component specially tuned to work on a certain class of threat. Each component may have individually tunable parameters and different performance characteristics. No general theory is known for composing such components and assigning their individual parameters in order to ensure optimal resistance to attack. A particularly important question is posed by the possibility of attackers using anti-AV techniques like stealth, which may fool the system into using different components.