Hatching logo

Making the Call: Why We Want More Arbiters

  • 2019-05-07
  • Menno Brendeke
/static/images/blog/polyswarm.png

Part 3 of 3 in our blog posts series on PolySwarm Arbitership.

Introduction

In the previous two blogs on Hatching's Polyswarm arbitership, we looked at what an arbiter is, what it does and how we became PolySwarm's first Arbiter. In this blog, we want to call upon others to become an arbiter as well, because we believe this can benefit both future Arbiters, as well as contribute to the development PolySwarm's revolutionary platform.

Recap: What is an arbiter?

By definition, Arbiter is somebody tasked with making difficult decisions in light of conflicting interests. In the case of PolySwarm's threat intelligence marketplace, that means judging the potential malicious intent of file samples: a sort of cat and mouse game between security analysts and malware authors. In the end, the verdict of the Arbiters forms what is called the Ground Truth. The Ground Truth is the final decision on the intent of a sample that is used to settle the bounties.

Why do we want more arbiters?

The answer to this question is straightforward. More is better. Why? Because it can significantly improve the quality of decision making. As an Arbiter, your primary objective is to judge a file's maliciousness. To do so, you must utilize the analytical resources you have at your disposal. However, there will always be a limit to the knowledge a single Arbiter can have. That is why you want to combine as many resources as possible.

You can compare it to having multiple judges in a court of justice. Each judge (or Arbiter in this case) brings its own, unique skill set to the table. By combining these skill sets, you will always be able to get a better, more substantiated judgment than you would have from just a single judge (or Arbiter).

In addition to this, you are also able to learn from the input of the other arbiters. For example, imagine a case in which four out of five Arbiters would classify a file as malicious, but one would not. Assuming the majority is right, this would be beneficial information for that single Arbiter. Perhaps, maybe even more interesting, what if closer inspection proved that the minority was right. If there would only be one arbiter, you would never have the opportunity to learn from your judgments in such a way.

How to become an arbiter?

PolySwarm is revolutionizing the threat detection industry by bringing together subject-matter experts. To become an Arbiter, you need to have a product or a solution that can determine the potential maliciousness of a file, as well as the ability to contribute to the skill set of the existing arbiters. However, it does not matter if you are an antivirus solution, a threat intelligence solution of some sort or even another malware sandbox for that matter. The value for both customers and participants of the marketplace is in the interconnectivity that leverages the diverse skill.

If you feel like your company meets these requirements and you believe that you can contribute to PolySwarm's marketplace, you can reach out to them directly. We found integration with their platform pretty straightforward, as polyswarmd does most of the work for you.

Hey You!
Looking for a job?