Visible to the public GNN-Based Malicious Network Entities Identification In Large-Scale Network Data

TitleGNN-Based Malicious Network Entities Identification In Large-Scale Network Data
Publication TypeConference Paper
Year of Publication2022
AuthorsDvorak, Stepan, Prochazka, Pavel, Bajer, Lukas
Conference NameNOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium
Date Publishedapr
KeywordsBuildings, Databases, graph neural networks, graph theory, Human Behavior, Malware, malware analysis, Manuals, Metrics, privacy, pubcrawl, reliability, resilience, Resiliency, Resiliency Coordinator, Task Analysis
AbstractA reliable database of Indicators of Compromise (IoC's) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC's intended to save analysts' time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification.
Citation Keydvorak_gnn-based_2022