Title: Guided Malware Sample Analysis Based on Graph Neural Networks

Author:
Chen, Yi Hsien (National Taiwan University)
Lin, Si Chen (National Taiwan University)
Huang, S. (TU Delft Organisation & Governance; National Yang Ming Chiao Tung University, Hsinchu)
Lei, Chin Laung (National Taiwan University)
Huang, Chun Ying

Date: 2023

Abstract:
Malicious binaries have caused data and monetary loss to people, and these binaries keep evolving rapidly nowadays. With tons of new unknown attack binaries, one essential daily task for security analysts and researchers is to analyze and effectively identify malicious parts and report the critical behaviors within the binaries. While manual analysis is slow and ineffective, automated malware report generation is a long-term goal for malware analysts and researchers. This study moves one step toward the goal by identifying essential functions in malicious binaries to accelerate and even automate the analyzing process. We design and implement an expert system based on our proposed graph neural network called MalwareExpert. The system pinpoints the essential functions of an analyzed sample and visualizes the relationships between involved parts. We evaluate our proposed approach using executable binaries in the Windows operating system. The evaluation results show that our approach has a competitive detection performance (97.3% accuracy and 96.5% recall rate) compared to existing malware detection models. Moreover, it gives an intuitive and easy-to-understand explanation of the model predictions by visualizing and correlating essential functions. We compare the identified essential functions reported by our system against several expert-made malware analysis reports from multiple sources. Our qualitative and quantitative analyses show that the pinpointed functions indicate accurate directions. In the best case, the top 2% of functions reported from the system can cover all expert-annotated functions in three steps. We believe that the MalwareExpert system has shed light on automated program behavior analysis.

Subject: Graph neural network; machine learning for security; malware analysis; reverse engineering

To reference this document use: http://resolver.tudelft.nl/uuid:ae1da5ba-1673-49fb-8993-4330eed009fb
DOI: https://doi.org/10.1109/TIFS.2023.3283913
Embargo date: 2023-12-07
ISSN: 1556-6013
Source: IEEE Transactions on Information Forensics and Security, 18, 4128-4143
Part of collection: Institutional Repository
Document type: journal article
Rights: © 2023 Yi Hsien Chen, Si Chen Lin, S. Huang, Chin Laung Lei, Chun Ying Huang
Files: PDF, Guided_Malware_Sample_Ana ... tworks.pdf, 3.29 MB