Applied contrastive loss concept.

Source publication
Article
This work proposes a novel malware identification model that is based on a graph neural network (GNN). The function call relationship and function assembly content obtained by analyzing the malware are used to generate a graph that represents the functional structure of a malware sample. In addition to establishing a multi-classification model for...

Context in source publication

Context 1
... Figure 8 presents an example of contrastive loss, in which the colors of the circles represent a class. The class associated with the red circles differs from that of the blue circles. ...

Similar publications

Preprint
Feature resolution impacts the ability of classifiers to make explainable inferences when applied to malware classification. We explore classification based on features constructed from data dependency graphs, and present results from k-Nearest Neighbors (kNN) classifiers. Our study demonstrates that classification based on a novel feature represen...

Citations

... In addition, each node may contain certain features, denoted as $x_v$ for $v \in V$. We define $h_r \in \mathbb{R}^d$ as a vector representing a node $v \in V$ or the whole graph $G$. Given a graph structure, a Graph Neural Network (GNN) extracts the features of the nodes or the entire graph and outputs a vector $h_r$ [2]. Once the network features have been extracted, they would be classified to determine if the binary is an infostealer. ...
... Based on the work [2], the same pipeline has been followed for the dataset creation and model establishment flow. Upon acquisition of a comprehensive dataset of both infostealers and legitimate files, our pipeline undergoes several phases. ...
... For future research, we intend to incorporate the GraphSAGE architecture, as inspired by [2], which aims to detect malware families. In addition, it is proposed to study the graph that it generates dynamically interacting with the rest of the system and what communications it establishes. ...
Chapter
Cybersecurity technology is capable of detecting malicious software that is recognized by signatures, heuristic rules, or that has been previously seen and stored in a database. However, threat actors try to generate new strains/variants of existing malware, by obfuscating or modifying part of the code to evade antivirus engines. One of the most common malicious programs are infostealers, which aim to obtain personal or banking information from an infected system and exfiltrate it. In this work, a pipeline is proposed that allows to analyze the infostealers through their assembler instructions, extract a feature vector associated with the functions and determine a binary classification by applying graph neural networks.

Keywords: Cybersecurity, threat hunting, threat intelligence, deep learning, graph neuronal network, infostealer