Leveraging Generative AI for Revolutionizing Malware Analysis: A Gemini-Powered Approach
Generative AI (Gen AI) has emerged as a transformative technology with potential applications across various domains. In the realm of cybersecurity, Gen AI’s ability to analyze vast amounts of data and generate insights has sparked interest in its potential. This research explores the efficacy of Gemini, a cutting-edge Gen AI model, as an assistant in the analysis of malware.
The research will showcase the step-by-step process of utilizing Gemini for malware analysis. We will outline the specific techniques and all prompts used to identify Indicators of Compromise (IOCs), such as network signatures, registry modifications, and file system artifacts. The results obtained from Gemini’s analysis are compared with the findings of human analysts[1][2] to assess the model’s accuracy and effectiveness. Additionally, the research highlights the challenges and limitations encountered when utilizing Gen AI for malware analysis.
This research focuses on Gemini’s capability in analyzing different types of malware, with a particular emphasis on Stealers and Remote Access Trojans (RATs). Other malware types, such as Loaders, Droppers, Downloaders, and Ransomware, are also explored. The analysis involves decompiling samples with Ghidra and IDA Pro, focusing primarily on malware written in C/C++, and also covers malware written in scripting languages such as JavaScript, PowerShell, and HTML. By feeding the decompiled code into Gemini, we utilize its broad knowledge base and contextual understanding to dissect the inner workings of these threats.
While acknowledging the challenges associated with AI integration, such as the risk of overreliance and of false positives (IOCs the model reports that are not actually present in the sample), this research underscores the potential of generative AI to transform malware analysis. We aim to provide practical insights for the cybersecurity community, demonstrating the value of combining Gen AI’s analytical capabilities with the expertise of human analysts to effectively combat the ever-evolving landscape of cyber threats.
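The workflow sketched above (decompiled code in, structured IOC list out) and the overreliance caveat that follows it are illustrated by the Python script below. It is an added example and not the authors' code or tooling: the decompiled routine, the model reply and the `fake_model` callable are all constructed for this illustration, and `ask_model` is a hypothetical hook where a real Gemini SDK call would be plugged in. The part worth copying is `ground_iocs`, which accepts only IOCs that literally occur in the decompiler output and flags everything else as unsupported, so an invented C2 address cannot slip into a report unreviewed.

```python
"""Prompt construction and grounding check for LLM-assisted IOC extraction.

Added example, not the authors' code. `ask_model(prompt) -> str` is a
hypothetical hook for the real model call; `fake_model` stands in for it
here so the script runs offline. All sample input below is constructed.
"""
import json
import re
from typing import Callable

# Constructed stand-in for Ghidra decompiler output of a small stealer routine.
DECOMPILED = r'''
undefined4 FUN_00401230(void)
{
  HKEY hKey;
  RegCreateKeyExA(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,0,0,KEY_WRITE,0,&hKey,0);
  RegSetValueExA(hKey,"svchost32",0,REG_SZ,"C:\\Users\\Public\\svchost32.exe",0x1e);
  InternetOpenUrlA(hInternet,"http://update-check.example/gate.php",0,0,0x80000000,0);
  CreateFileA("C:\\Users\\Public\\cred.dat",0x40000000,0,0,2,0x80,0);
  return 0;
}
'''

IOC_CATEGORIES = ("network", "registry", "filesystem")


def build_prompt(decompiled: str) -> str:
    """Ask for strictly structured output so the answer can be machine-checked."""
    return (
        "You are assisting a malware analyst. Below is decompiler output.\n"
        "List the Indicators of Compromise you can see in it, as JSON only, with keys\n"
        f"{list(IOC_CATEGORIES)}; each value is a list of strings copied verbatim\n"
        "from the code. Do not infer values that are not present.\n\n"
        f"```c\n{decompiled}\n```"
    )


def parse_model_json(text: str) -> dict:
    """Models often wrap JSON in prose or a fence; extract the object before parsing."""
    m = re.search(r"\{.*\}", text, re.S)
    if not m:
        raise ValueError("no JSON object in model output")
    data = json.loads(m.group(0))
    return {cat: list(data.get(cat, [])) for cat in IOC_CATEGORIES}


def ground_iocs(decompiled: str, iocs: dict) -> dict:
    """Keep only IOCs that literally occur in the input; report the rest as unsupported."""
    # Compare on unescaped form so the C literal "C:\\x" matches the model's "C:\x".
    haystack = decompiled.replace("\\\\", "\\")
    grounded = {cat: [] for cat in IOC_CATEGORIES}
    hallucinated = []
    for cat in IOC_CATEGORIES:
        for ioc in iocs.get(cat, []):
            needle = ioc.replace("\\\\", "\\")
            if needle in haystack:
                grounded[cat].append(needle)
            else:
                hallucinated.append((cat, needle))
    return {"grounded": grounded, "hallucinated": hallucinated}


def analyze(decompiled: str, ask_model: Callable[[str], str]) -> dict:
    """Full loop: prompt the model, parse its answer, then verify it against the input."""
    raw = ask_model(build_prompt(decompiled))
    return ground_iocs(decompiled, parse_model_json(raw))


def fake_model(prompt: str) -> str:
    """Constructed model reply: three correct IOCs plus one plausible-looking invention."""
    return '''Here are the IOCs:
```json
{"network": ["http://update-check.example/gate.php", "198.51.100.7:443"],
 "registry": ["Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run"],
 "filesystem": ["C:\\\\Users\\\\Public\\\\cred.dat"]}
```'''


if __name__ == "__main__":
    print(json.dumps(analyze(DECOMPILED, fake_model), indent=2))
```

The grounding check only catches IOCs the model invented; it does not catch IOCs the model omitted (in the constructed sample, the dropped path `C:\Users\Public\svchost32.exe` is never reported), so the analyst still has to read the decompiled code rather than trust the filtered list as complete.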
Marvin Castillo – G Data AV Lab. Inc.
Marvin started his career in cybersecurity in 2018. Currently working as a Virus Analyst at G Data AV LAB Inc, he specializes in malware analysis, reverse engineering, and threat detection.
With a deep passion for threat research, he is constantly engaged in exploring the latest trends and technological advancements.
Lovely Jovellee Lyn B Antonio – G Data AV Lab. Inc.
Lovely has over 11 years of experience in the Information Security industry, specializing in threat research, analysis, and creating detection signatures.
Recently, she has focused on curating training curriculums and career programs for employee upskilling.
She has participated in malware research projects and previously presented at AVAR conferences. She is happily married to a fellow researcher, and they enjoy exploring foods and traveling together.