A Comparison of Graph Neural Networks for Malware Classification
This work addresses malware detection for cybersecurity by comparing GNN architectures, but it is incremental as it applies existing methods to a known dataset.
The paper tackled malware classification by treating it as a graph classification problem using function call graphs, and found that Graph Neural Network (GNN) models outperformed previous research on the MalNet-Tiny dataset while avoiding overfitting issues common in non-GNN techniques.
Managing the threat posed by malware requires accurate detection and classification techniques. Traditional detection strategies, such as signature scanning, rely on manual analysis of malware to extract relevant features, which is labor intensive and requires expert knowledge. Function call graphs consist of a set of program functions and their inter-procedural calls, providing a rich source of information that can be leveraged to classify malware without the labor intensive feature extraction step of traditional techniques. In this research, we treat malware classification as a graph classification problem. Based on Local Degree Profile features, we train a wide range of Graph Neural Network (GNN) architectures to generate embeddings which we then classify. We find that our best GNN models outperform previous comparable research involving the well-known MalNet-Tiny Android malware dataset. In addition, our GNN models do not suffer from the overfitting issues that commonly afflict non-GNN techniques, although GNN models require longer training times.