Malware Behavior Analysis Acceleration based on Graph Neural Networks

Chinese | Live talk | Program Analysis

The rapid growth of malicious binaries has done a great deal of damage to people and caused enormous data and financial losses. Unfortunately, the time security experts have to analyze unknown attack binaries does not increase while the number of samples grows exponentially. Therefore, accelerating the malware analysis process has become critical for the industry.

In this talk, we share our experiences with automated malware behavior analysis. We believe automatic identification of essential functions in binaries is the key to accelerating the analysis of malicious samples. By leveraging graph neural networks and function embeddings, we developed an expert system to identify malicious samples and pinpoint possible directions for analyzing the samples.

We validate our research using real-world samples targeting the Windows OS. In addition to competitive detection performance (97.0% accuracy and 97.6% recall rate), our approach generates intuitive and easy-to-understand explanations by visualizing correlations of identified essential functions. We believe that an accurate detection model with well-designed explainers sheds light on automated program behavior analyses.

林思辰


Product Developer @ Synology SIRT
BambooFox / TSJ CTF team member

陳憶賢


Yi-Hsien Chen is a Ph.D. candidate in the Department of Electrical Engineering, National Taiwan University, and a security researcher on the CyCraft research team. His research focuses on automatic malware analysis techniques. He uses symbolic execution, machine learning, and several static analysis techniques to speed up malware analysis. He has published his work at IEEE DSC and ACM ASIACCS. He was also a speaker at HITB CyberWeek 2020, AIS3 2021, HITCON 2021, and Codeblue 2021. Furthermore, he is a member of the BambooFox CTF team from NCTU, has participated in several CTFs, and placed 12th and 2nd in DEFCON 26 and 27 with the BFS and BFKinesiS CTF teams.

黃思淳


A graduate student at the Institute of Computer Science and Engineering at National Yang-Ming Chiao Tung University.

黃俊穎


Dr. Chun-Ying Huang is a Professor at the Department of Computer Science, National Yang Ming Chiao Tung University (NYCU). Dr. Huang's research interests fall in the areas of system security and multimedia networking. He has also served as PI or co-PI of several teaching, research, and industrial projects in network and system security areas, including the information security incubation program (ISIP and AIS3) from the Ministry of Education (MoE) and the Taiwan information security center program (TWISC) at NYCU from the Ministry of Science and Technology (MOST). Dr. Huang received the ACM Taipei/Taiwan Chapter K. T. Li Young Researcher Award in 2014, MOST Excellent Young Scholar Grants in 2021, and NCTU/NYCU excellent teaching awards in 2020 and 2021. He currently serves as the Director of the Institute of Network Engineering at National Yang Ming Chiao Tung University.

Simultaneous interpretation into English will be provided for all non-English sessions.
