A comparison of graph neural networks for malware classification

Authors

Vrinda Malhotra, Alumni
Katerina Potika, San Jose State UniversityFollow
Mark Stamp, San Jose State UniversityFollow

Publication Date

3-1-2024

Document Type

Article

Publication Title

Journal of Computer Virology and Hacking Techniques

Volume

20

Issue

1

DOI

10.1007/s11416-023-00493-y

First Page

53

Last Page

69

Abstract

Managing the threat posed by malware requires accurate detection and classification techniques. Traditional detection strategies, such as signature scanning, rely on manual analysis of malware to extract relevant features, which is labor intensive and requires expert knowledge. Function call graphs consist of a set of program functions and their inter-procedural calls, providing a rich source of information that can be leveraged to classify malware without the labor intensive feature extraction step of traditional techniques. In this research, we treat malware classification as a graph classification problem. Based on Local Degree Profile features, we train a wide range of Graph Neural Network (GNN) architectures to generate embeddings which we then classify. We find that our best GNN models outperform previous comparable research involving the well-known MalNet-Tiny Android malware dataset. In addition, our GNN models do not suffer from the overfitting issues that commonly afflict non-GNN techniques, although GNN models require longer training times.

Department

Computer Science

Recommended Citation

Vrinda Malhotra, Katerina Potika, and Mark Stamp. "A comparison of graph neural networks for malware classification" Journal of Computer Virology and Hacking Techniques (2024): 53-69. https://doi.org/10.1007/s11416-023-00493-y