Malware Behavior Analysis Acceleration based on Graph Neural Networks

Chinese | In-Person | Binary Analysis

The rapid growth of malicious binaries has done great damage to people and caused enormous data and financial loss. Unfortunately, the time security experts have to analyze unknown attack binaries does not increase while the number of samples grows exponentially. Accelerating the malware analysis process has therefore become critical for the industry.

In this talk, we share our experiences with automated malware behavior analysis. We believe automatic identification of essential functions in binaries is the key to accelerating the analysis of malicious samples. By leveraging graph neural networks and function embeddings, we developed an expert system that identifies malicious samples and pinpoints possible directions for analyzing them.

We validate our research using real-world samples targeting the Windows OS. In addition to competitive detection performance (97.0% accuracy and 97.6% recall rate), our approach generates intuitive, easy-to-understand explanations by visualizing correlations among the identified essential functions. We believe that an accurate detection model with well-designed explainers sheds light on automated program behavior analysis.

Steven Lin

Product Developer @ Synology SIRT; BambooFox / TSJ CTF team member

Yi-Hsien Chen

Yi-Hsien Chen is a Ph.D. candidate in the Department of Electrical Engineering, National Taiwan University, and a security researcher on the CyCraft research team. His research focuses on automatic malware analysis techniques. He uses symbolic execution, machine learning, and several static analysis techniques to speed up malware analysis. He has published his work at IEEE DSC and ACM ASIACCS. He was also a speaker at HITB CyberWeek 2020, AIS3 2021, HITCON 2021, and Codeblue 2021. Furthermore, he is a member of the BambooFox CTF team from NCTU, has participated in several CTFs, and placed 12th and 2nd at DEFCON 26 and 27 with the BFS and BFKinesiS CTF teams, respectively.

Szu-Chun Huang

A graduate student at the Institute of Computer Science and Engineering at National Yang-Ming Chiao Tung University.

Chun-Ying Huang

Dr. Chun-Ying Huang is a Professor at the Department of Computer Science, National Yang Ming Chiao Tung University (NYCU). Dr. Huang's research interests fall in the areas of system security and multimedia networking. He has also served as PI or co-PI of several teaching, research, and industrial projects in network and system security, including the information security incubation program (ISIP and AIS3) from the Ministry of Education (MoE) and the Taiwan information security center program (TWISC) at NYCU from the Ministry of Science and Technology (MOST). Dr. Huang received the ACM Taipei/Taiwan Chapter K. T. Li Young Researcher Award in 2014, the MOST Excellent Young Scholar Grants in 2021, and NCTU/NYCU excellent teaching awards in 2020 and 2021. He currently serves as the Director of the Institute of Network Engineering at National Yang Ming Chiao Tung University.

English interpretations will be provided for all sessions not presented in English.
