GNN-Based Malicious Network Entities Identification In Large-Scale Network Data | |
---|---|
Author | |
Abstract |
Malware Analysis and Graph Theory - A reliable database of Indicators of Compromise (IoC’s) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC’s intended to save analysts’ time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification. |
Year of Publication |
2022
|
Date Published |
apr
|
DOI |
10.1109/NOMS54207.2022.9789792
|
Google Scholar | BibTeX | DOI |