Publication Date
Fall 2022
Degree Type
Master's Project
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Mark Stamp
Second Advisor
Katerina Potika
Third Advisor
William Andreopoulos
Keywords
Malware Classification, Graph Neural Networks, Jumping Knowledge, Graph Kernels, Machine Learning, Graph Embedding
Abstract
Malware is a growing threat to the digital world. The first step to managing this threat is malware detection and classification. While traditional techniques rely on static or dynamic analysis of malware, the generation of these features requires expert knowledge. Function call graphs (FCGs) consist of program functions as their nodes and their interprocedural calls as their edges, providing a wealth of knowledge that can be utilized to classify malware without feature extraction that requires experts. This project treats malware classification as a graph classification problem, setting node features using the Local Degree Profile (LDP) model and using different graph neural networks (GNNs) to generate embeddings for each graph, which can then be classified. We particularly highlight Jumping Knowledge-based Graph Isomorphism Network (JK-GIN), Jumping Knowledge-based GraphSAGE (JK-GraphSAGE), UnetGraph, and Deep Graph Convolutional Network (DGCNN) since they performed the best and had similar runtimes. These models performed better than existing state-of-the-art approaches in terms of F1 scores. They also address the over-smoothing problem that is rampant with other GNN models.
Recommended Citation
Malhotra, Vrinda, "Graph Neural Networks for Malware Classification" (2022). Master's Projects. 1194.
DOI: https://doi.org/10.31979/etd.znr4-vz7n
https://scholarworks.sjsu.edu/etd_projects/1194