Malware enriched with polymorphism and obfuscation has outpaced traditional
signature-based and heuristic-based detection approaches. Machine learning and
deep learning methods such as Convolutional Neural Networks (CNNs) and
Recurrent Neural Networks (RNNs) have improved malware classification
performance by using static and sequential inputs as features. Nevertheless,
the effectiveness of these approaches is limited by their inability to model
structural dependencies, which are crucial for identifying threats. In this
study, we propose a malware detection framework built on Graph Neural Networks
(GNNs) to identify structural relationships within malware samples. The
structural elements among the malware samples are encoded as nodes and as
edges between those nodes, which allows us to extract behavioral semantics
that previous models did not capture. The framework is evaluated on the EMBER
dataset, which provides 2,381 static and dynamic malware features; features
are selected using Chi-square tests. We analyse two advanced GNN
architectures: Graph Convolutional Networks (GCNs) and Graph Attention
Networks (GATs). Our findings show that the GNN-based malware detection
framework consistently outperforms classical detection methods (e.g., SVM,
Random Forest, CNN, and RNN) across multiple instances. This study establishes
GNNs as a scalable, interpretable, and accurate approach for next-generation
malware detection, and as a method that is resilient to adversarial evasion
and structurally aware of malware behaviors.
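To make the pipeline the abstract describes concrete, the following added example (written for this edit, not code from the paper or from the EMBER project) runs Chi-square feature selection over a handful of constructed binary feature vectors, builds a sample graph from the selected features, and applies one GCN propagation step in pure Python. The six samples, their labels, the Hamming-distance rule used to draw edges, and the untrained identity weight matrix are all assumptions made for illustration; the symmetric normalization D^-1/2 (A + I) D^-1/2 is the standard GCN form of Kipf and Welling.

```python
# Added illustration (not the paper's code): Chi-square feature selection on
# binary malware features, a constructed sample graph, and one GCN propagation
# step in pure Python. Feature values, labels and the Hamming-distance edge
# rule are constructed assumptions, not the EMBER dataset or the paper's method.
import math
from typing import List, Tuple

Matrix = List[List[float]]


def chi_square_scores(X: List[List[int]], y: List[int]) -> List[float]:
    """Chi-square statistic of each binary feature against a binary label.

    A constant feature has zero expected counts in one row of its 2x2
    contingency table; those cells are skipped, so it scores 0.0 and is
    never selected.
    """
    n = len(X)
    scores = []
    for j in range(len(X[0])):
        obs = [[0, 0], [0, 0]]          # obs[feature value][label]
        for row, label in zip(X, y):
            obs[row[j]][label] += 1
        row_tot = [sum(obs[0]), sum(obs[1])]
        col_tot = [obs[0][0] + obs[1][0], obs[0][1] + obs[1][1]]
        chi2 = 0.0
        for a in range(2):
            for b in range(2):
                expected = row_tot[a] * col_tot[b] / n
                if expected > 0:
                    chi2 += (obs[a][b] - expected) ** 2 / expected
        scores.append(chi2)
    return scores


def select_top_k(X: List[List[int]], y: List[int], k: int) -> Tuple[List[int], List[List[int]]]:
    """Keep the k highest-scoring features, returned in original column order."""
    scores = chi_square_scores(X, y)
    ranked = sorted(range(len(scores)), key=lambda j: scores[j], reverse=True)
    keep = sorted(ranked[:k])
    return keep, [[row[j] for j in keep] for row in X]


def build_similarity_graph(X: List[List[int]], max_hamming: int = 1) -> List[List[int]]:
    """Constructed edge rule: link two samples whose selected feature vectors
    differ in at most max_hamming positions. Returns an adjacency matrix
    without self-loops (the GCN normalization adds them)."""
    n = len(X)
    adj = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            if sum(a != b for a, b in zip(X[i], X[j])) <= max_hamming:
                adj[i][j] = adj[j][i] = 1
    return adj


def normalized_adjacency(adj: List[List[int]]) -> Matrix:
    """Symmetric GCN normalization D^-1/2 (A + I) D^-1/2 (Kipf & Welling)."""
    n = len(adj)
    a_hat = [[adj[i][j] + (1 if i == j else 0) for j in range(n)] for i in range(n)]
    deg = [sum(row) for row in a_hat]
    return [[a_hat[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]


def gcn_layer(adj_norm: Matrix, h: Matrix, w: Matrix) -> Matrix:
    """One GCN layer: ReLU(A_norm . H . W). Each node's new embedding mixes
    its own features with its neighbours', which is the structural signal a
    per-sample classifier such as an SVM never sees."""
    z = matmul(matmul(adj_norm, h), w)
    return [[max(0.0, v) for v in row] for row in z]


# Constructed toy data: 6 samples, 4 binary features, label 1 = malicious.
# Feature 0 separates the classes perfectly; feature 2 is constant.
SAMPLES = [[1, 1, 1, 0], [1, 0, 1, 0], [1, 1, 1, 1],
           [0, 1, 1, 1], [0, 0, 1, 1], [0, 1, 1, 0]]
LABELS = [1, 1, 1, 0, 0, 0]


def run_pipeline(k: int = 2):
    """Select k features, build the sample graph, propagate once; returns
    (selected feature indices, adjacency matrix, node embeddings)."""
    keep, x_sel = select_top_k(SAMPLES, LABELS, k)
    adj = build_similarity_graph(x_sel)
    a_norm = normalized_adjacency(adj)
    # Untrained identity weights (assumption) so the output shows pure aggregation.
    identity = [[1.0 if i == j else 0.0 for j in range(k)] for i in range(k)]
    h = [[float(v) for v in row] for row in x_sel]
    return keep, adj, gcn_layer(a_norm, h, identity)


if __name__ == "__main__":
    keep, adj, emb = run_pipeline()
    print("selected feature indices:", keep)
    for i, row in enumerate(emb):
        print(f"sample {i} (label {LABELS[i]}): {[round(v, 3) for v in row]}")
```

With identity weights the layer performs no learning; it only shows how a node's embedding is pulled toward its neighbours. Sample 5, whose selected features are all zero, ends up with equal weight on both dimensions because it is linked to samples of both classes, which is exactly the kind of structural ambiguity a trained GCN or GAT layer learns to resolve.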