Explainable Malware Detection through Integrated Graph Reduction and Learning Techniques
This work addresses efficiency and transparency issues in malware detection for cybersecurity applications, representing an incremental improvement through integration of existing techniques.
The paper tackles two challenges in malware detection with Graph Neural Networks (GNNs), the large size of the input graphs and the lack of interpretability of the model's decisions, by developing graph reduction techniques and applying GNNExplainer, achieving a significant reduction in graph size while preserving high detection performance.
Control Flow Graphs and Function Call Graphs have become pivotal in providing a detailed understanding of program execution and effectively characterizing the behavior of malware. These graph-based representations, when combined with Graph Neural Networks (GNN), have shown promise in developing high-performance malware detectors. However, challenges remain due to the large size of these graphs and the inherent opacity in the decision-making process of GNNs. This paper addresses these issues by developing several graph reduction techniques to reduce graph size and applying the state-of-the-art GNNExplainer to enhance the interpretability of GNN outputs. The analysis demonstrates that integrating our proposed graph reduction technique along with GNNExplainer in the malware detection framework significantly reduces graph size while preserving high performance, providing an effective balance between efficiency and transparency in malware detection.
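As an added illustration of the size-reduction idea, and not the paper's own technique (the abstract does not say which reductions the authors developed), the following Python contracts straight-line chains of basic blocks in a small constructed control-flow graph while keeping every branch point and loop edge, the structure a GNN-based detector actually needs. The block names, instruction lists and the `reduce_cfg` / `reduction_stats` functions are assumptions made here.

```python
# Added example, not code from the paper: contract straight-line chains of basic
# blocks so a GNN sees fewer nodes while every branch and loop edge survives.
from collections import defaultdict

# Constructed sample CFG: B0->B1->B2 is straight-line, B3 branches, B6 loops.
SAMPLE_NODES = {
    "B0": ["push rbp", "mov rbp, rsp"], "B1": ["sub rsp, 0x20"],
    "B2": ["xor eax, eax"], "B3": ["cmp eax, 10", "jge B5"],
    "B4": ["call decrypt_blob"], "B5": ["call sleep"],
    "B6": ["inc eax", "cmp eax, 20", "jl B3"], "B7": ["leave", "ret"],
}
SAMPLE_EDGES = [("B0", "B1"), ("B1", "B2"), ("B2", "B3"), ("B3", "B4"),
                ("B3", "B5"), ("B4", "B6"), ("B5", "B6"), ("B6", "B3"),
                ("B6", "B7")]

def reduce_cfg(nodes, edges, entry):
    """Fold block v into its unique predecessor u whenever u's only successor
    is v.  Returns (merged_blocks, merged_edges); merged blocks keep the
    concatenated instruction list so node features can be recomputed."""
    succ, pred = defaultdict(set), defaultdict(set)
    for u, v in edges:
        succ[u].add(v)
        pred[v].add(u)
    blocks = {n: list(ins) for n, ins in nodes.items()}   # input left intact
    changed = True
    while changed:                      # repeat until no chain remains
        changed = False
        for v in list(blocks):
            if v == entry or len(pred[v]) != 1:
                continue
            (u,) = pred[v]
            if u == v or len(succ[u]) != 1:
                continue                # u branches: v must stay a node
            blocks[u].extend(blocks.pop(v))
            succ[u] = set(succ[v])      # u inherits v's outgoing edges
            for w in succ[u]:
                pred[w].discard(v)
                pred[w].add(u)
            del succ[v], pred[v]
            changed = True
    merged_edges = sorted((u, w) for u in blocks for w in succ[u])
    return blocks, merged_edges

def reduction_stats(nodes, edges, entry):
    """Node/edge counts before and after, the figure a detector would report."""
    blocks, merged_edges = reduce_cfg(nodes, edges, entry)
    return {"nodes_before": len(nodes), "nodes_after": len(blocks),
            "edges_before": len(edges), "edges_after": len(merged_edges)}
```

On the sample graph the prologue chain B0-B1-B2 collapses into one node, giving 8 nodes / 9 edges before and 6 nodes / 7 edges after, with the B3 branch and the B6 back-edge untouched.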