Master of Science (MS)
Malware Classification, Graph Neural Networks, Jumping Knowledge, Graph Kernels, Machine Learning, Graph Embedding
Malware is a growing threat to the digital world. The first step to managing this threat is malware detection and classification. While traditional techniques rely on static or dynamic analysis of malware, the generation of these features requires expert knowledge. Function call graphs (FCGs) consist of program functions as their nodes and their interprocedural calls as their edges, providing a wealth of knowledge that can be utilized to classify malware without feature extraction that requires experts. This project treats malware classification as a graph classification problem, setting node features using the Local Degree Profile (LDP) model and using different graph neural networks (GNN) to generate embeddings for each graph which can then be classified. We particularly highlight Jumping Knowledge-based Graph Isomorphism Network (JK-GIN), Jumping Knowledge-based GraphSAGE (JK-GrahSAGE), UnetGraph, and Deep Graph Convolutional Network (DGCNN) since they performed the best and had similar runtimes. These models performed better than existing state-of-the-art approaches in terms of F1 scores. They also address the over-smoothing problem that is rampant with other GNN models.
Malhotra, Vrinda, "Graph Neural Networks for Malware Classification" (2022). Master's Projects. 1194.