Study of infostealers using Graph Neural Networks

Bustos-Tabernero, Álvaro; López Sánchez, Daniel; González Arrieta, María Angélica; Novais, Paulo

doi:10.1093/jigpal/jzae105

Título

Study of infostealers using Graph Neural Networks

Autor(es)

Bustos-Tabernero, Álvaro

López Sánchez, Daniel

González Arrieta, María Angélica

Novais, Paulo

Palabras clave

Cybersecurity

Threat intelligence

Deep learning

Graph neural network

Infostealer

Fecha de publicación

2024-09-05

Editor

Oxford University Press

Citación

Álvaro Bustos-Tabernero, Daniel López-Sánchez, Angélica González-Arrieta, Paulo Novais, Study of infostealers using Graph Neural Networks, Logic Journal of the IGPL, 2024;, jzae105, https://doi.org/10.1093/jigpal/jzae105

Resumen

[EN]Cybersecurity technology has the ability to detect malware through a variety of methods, such as signature recognition, logical rules or the identification of known malware stored in a database or public source. However, threat actors continuously try to create new variants of existing malware by obfuscating or altering parts of the code to evade detection by antivirus engines. Infostealers are one of the most common malicious programs aimed at obtaining personal or banking information from an infected system and exfiltrating it. In addition, they are the precursors of potentially high-security incidents because attackers gain a entry into companies’ internal systems and may even access them with administrator permissions. This article demonstrates how a feature vector can be obtained from the assembly code of a Windows binary and how a a Graph Neural Network can be used to determine, with ninety percent accuracy, whether it is an infostealer.

URI

https://hdl.handle.net/10366/163133

ISSN

1367-0751

DOI

10.1093/jigpal/jzae105

Versión del editor

https://doi.org/10.1093/jigpal/jzae105

Aparece en las colecciones