Function Call Graphs Versus Machine Learning for Malware Detection

Publication Date

September 2018

Document Type

Contribution to a Book

Publication Title

Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach


Simon Parkinson, Andrew Crampton, Richard Hill




Recent work has shown that a function call graph technique can perform well on some challenging malware detection problems. In this chapter, we compare this function call graph approach to elementary machine learning techniques that are trained on simpler features. We find that the machine learning techniques are generally more robust than the function call graphs, in the sense that the malware must be modified to a far greater extent before the machine learning techniques are significantly degraded. This work provides evidence that machine learning is likely to perform better than ad hoc approaches, particularly when faced with intelligent attackers who can attempt to exploit the inherent weaknesses in a given detection strategy.