Title | GNN-Based Malicious Network Entities Identification In Large-Scale Network Data |
Publication Type | Conference Paper |
Year of Publication | 2022 |
Authors | Dvorak, Stepan; Prochazka, Pavel; Bajer, Lukas |
Conference Name | NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium |
Date Published | April |
Keywords | Buildings, Databases, graph neural networks, graph theory, Human Behavior, Malware, malware analysis, Manuals, Metrics, privacy, pubcrawl, reliability, resilience, Resiliency, Resiliency Coordinator, Task Analysis |
Abstract | A reliable database of Indicators of Compromise (IoC's) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC's intended to save analysts' time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification. |
DOI | 10.1109/NOMS54207.2022.9789792 |
Citation Key | dvorak_gnn-based_2022 |