Matteo Bunino

Matteo Bunino

Data scientist and computer engineer

Publications

From Spectral Graph Convolutions to Large Scale Graph Convolutional Networks

Published in arXiv preprint arXiv:2207.05669, 2022

Graph Convolutional Networks (GCNs) have been shown to be a powerful concept that has been successfully applied to a large variety of tasks across many domains over the past years. In this work we study the theory that paved the way to the definition of GCN, including related parts of classical graph theory. We also discuss and experimentally demonstrate key properties and limitations of GCNs such as those caused by the statistical dependency of samples, introduced by the edges of the graph, which causes the estimates of the full gradient to be biased. Another limitation we discuss is the negative impact of minibatch sampling on the model performance. As a consequence, during parameter update, gradients are computed on the whole dataset, undermining scalability to large graphs. To account for this, we research alternative methods which allow to safely learn good parameters while sampling only a subset of data per iteration. We reproduce the results reported in the work of Kipf et al. and propose an implementation inspired to SIGN, which is a sampling-free minibatch method. Eventually we compare the two implementations on a benchmark dataset, proving that they are comparable in terms of prediction accuracy for the task of semi-supervised node classification.

Recommended citation: Matteo Bunino (2022). "From Spectral Graph Convolutions to Large Scale Graph Convolutional Networks" Journal arXiv preprint arXiv:2207.05669. https://arxiv.org/pdf/2207.05669

Reinforcement Learning-aided Dynamic Analysis of Evasive Malware

Published in PoliTO, 2022

As cyberspace becomes more and more complex, malware authors strive to take advantage of the growing number of vulnerabilities. This requires security researchers to invest more effort in developing automated malware analysis tools, able to cope with the increasing pace of suspicious binaries. The Achilles heel of automated malware analysis tools is evasive malware, which may put countless strategies in place to impede analysis. For instance, malware trying to detect that they are under observation in an analysis environment and, as a consequence, conceal their malicious behavior by performing only innocuous operations. Evasive malware can hinder analysis by either performing static code obfuscation (eg via packers, crypters) or dynamic evasion (eg sandbox and debugger evasion). The goal of this thesis is to explore the application of Reinforcement Learning (RL) to dynamic analysis, to reduce the burden of exhaustive exploration of conditional paths. To this end, we develop a model that is capable of noticing new evasive schemes via RL. Stateof-the-art approaches generally identify evasions through fingerprinting, which is not effective in identifying slight mutations of evasion schemes. In contrast, this work employs a language model to abstract out the syntax of binary code, while preserving its semantics. Furthermore, to improve over state-of-the-art solutions, the presented solution considers both evasion schemes and the malicious nature of regions of code protected by evasive conditions, to better distinguish true evasive behaviors from false positives. As a consequence, this method is easily extended to guide the search of…

Recommended citation: Matteo Bunino (2022). "Reinforcement Learning-aided Dynamic Analysis of Evasive Malware. https://webthesis.biblio.polito.it/secure/22588/1/tesi.pdf