Explainable Malware Detection through Integrated Graph Reduction and Learning Techniques

• URL: http://arxiv.org/abs/2412.03634v1
• Date: Wed, 04 Dec 2024 18:59:45 GMT
• Title: Explainable Malware Detection through Integrated Graph Reduction and Learning Techniques
• Authors: Hesamodin Mohammadian, Griffin Higgins, Samuel Ansong, Roozbeh Razavi-Far, Ali A. Ghorbani,
• Abstract summary: Control Flow Graphs and Function Call Graphs have become pivotal in providing a detailed understanding of program execution. These graph-based representations, when combined with Graph Neural Networks (GNN), have shown promise in developing high-performance malware detectors. This paper addresses these issues by developing several graph reduction techniques to reduce graph size and applying the state-of-the-art GNNExplainer to enhance the interpretability of GNN outputs.
• Score: 2.464148828287322
• License:
• Abstract: Control Flow Graphs and Function Call Graphs have become pivotal in providing a detailed understanding of program execution and effectively characterizing the behavior of malware. These graph-based representations, when combined with Graph Neural Networks (GNN), have shown promise in developing high-performance malware detectors. However, challenges remain due to the large size of these graphs and the inherent opacity in the decision-making process of GNNs. This paper addresses these issues by developing several graph reduction techniques to reduce graph size and applying the state-of-the-art GNNExplainer to enhance the interpretability of GNN outputs. The analysis demonstrates that integrating our proposed graph reduction technique along with GNNExplainer in the malware detection framework significantly reduces graph size while preserving high performance, providing an effective balance between efficiency and transparency in malware detection.

Related papers

• GraphDART: Graph Distillation for Efficient Advanced Persistent Threat Detection [11.730485948507523]
  Cyber-physical-social systems (CPSSs) have emerged in many applications over recent decades, requiring increased attention to security concerns. The rise of sophisticated threats like Advanced Persistent Threats (APTs) makes ensuring security in CPSSs particularly challenging. We present GraphDART, a modular framework designed to distill provenance graphs into compact yet informative representations.
  arXiv  Detail & Related papers  (2025-01-06T06:29:57Z)
• Revisiting Graph Neural Networks on Graph-level Tasks: Comprehensive Experiments, Analysis, and Improvements [54.006506479865344]
  We propose a unified evaluation framework for graph-level Graph Neural Networks (GNNs) This framework provides a standardized setting to evaluate GNNs across diverse datasets. We also propose a novel GNN model with enhanced expressivity and generalization capabilities.
  arXiv  Detail & Related papers  (2025-01-01T08:48:53Z)
• Keep It Simple: Towards Accurate Vulnerability Detection for Large Code Graphs [6.236203127696138]
  We propose a novel vulnerability detection method, ANGLE, which embodies the hierarchical graph refinement and context-aware graph representation learning. Our method significantly outperforms several other baselines in terms of the accuracy and F1 score. In large code graphs, ANGLE achieves an improvement in accuracy of 34.27%-161.93% compared to the state-of-the-art method, AMPLE.
  arXiv  Detail & Related papers  (2024-12-13T14:27:51Z)
• On the Robustness of Graph Reduction Against GNN Backdoor [9.377257547233919]
  Graph Neural Networks (GNNs) are gaining popularity across various domains due to their effectiveness in learning graph-structured data. backdoor poisoning attacks pose serious threats to real-world applications. graph reduction techniques, including coarsening and sparsification, have emerged as effective methods for accelerating GNN training on large-scale graphs.
  arXiv  Detail & Related papers  (2024-07-02T17:08:38Z)
• DEGREE: Decomposition Based Explanation For Graph Neural Networks [55.38873296761104]
  We propose DEGREE to provide a faithful explanation for GNN predictions. By decomposing the information generation and aggregation mechanism of GNNs, DEGREE allows tracking the contributions of specific components of the input graph to the final prediction. We also design a subgraph level interpretation algorithm to reveal complex interactions between graph nodes that are overlooked by previous methods.
  arXiv  Detail & Related papers  (2023-05-22T10:29:52Z)
• MentorGNN: Deriving Curriculum for Pre-Training GNNs [61.97574489259085]
  We propose an end-to-end model named MentorGNN that aims to supervise the pre-training process of GNNs across graphs. We shed new light on the problem of domain adaption on relational data (i.e., graphs) by deriving a natural and interpretable upper bound on the generalization error of the pre-trained GNNs.
  arXiv  Detail & Related papers  (2022-08-21T15:12:08Z)
• LSP : Acceleration and Regularization of Graph Neural Networks via Locality Sensitive Pruning of Graphs [2.4250821950628234]
  Graph Neural Networks (GNNs) have emerged as highly successful tools for graph-related tasks. Large graphs often involve many redundant components that can be removed without compromising the performance. We propose a systematic method called Locality-Sensitive Pruning (LSP) for graph pruning based on Locality-Sensitive Hashing.
  arXiv  Detail & Related papers  (2021-11-10T14:12:28Z)
• Deep Fraud Detection on Non-attributed Graph [61.636677596161235]
  Graph Neural Networks (GNNs) have shown solid performance on fraud detection. labeled data is scarce in large-scale industrial problems, especially for fraud detection. We propose a novel graph pre-training strategy to leverage more unlabeled data.
  arXiv  Detail & Related papers  (2021-10-04T03:42:09Z)
• Increase and Conquer: Training Graph Neural Networks on Growing Graphs [116.03137405192356]
  We consider the problem of learning a graphon neural network (WNN) by training GNNs on graphs sampled Bernoulli from the graphon. Inspired by these results, we propose an algorithm to learn GNNs on large-scale graphs that, starting from a moderate number of nodes, successively increases the size of the graph during training.
  arXiv  Detail & Related papers  (2021-06-07T15:05:59Z)
• Learning to Drop: Robust Graph Neural Network via Topological Denoising [50.81722989898142]
  We propose PTDNet, a parameterized topological denoising network, to improve the robustness and generalization performance of Graph Neural Networks (GNNs) PTDNet prunes task-irrelevant edges by penalizing the number of edges in the sparsified graph with parameterized networks. We show that PTDNet can improve the performance of GNNs significantly and the performance gain becomes larger for more noisy datasets.
  arXiv  Detail & Related papers  (2020-11-13T18:53:21Z)
• Understanding Coarsening for Embedding Large-Scale Graphs [3.6739949215165164]
  Proper analysis of graphs with Machine Learning (ML) algorithms has the potential to yield far-reaching insights into many areas of research and industry. The irregular structure of graph data constitutes an obstacle for running ML tasks on graphs. We analyze the impact of the coarsening quality on the embedding performance both in terms of speed and accuracy.
  arXiv  Detail & Related papers  (2020-09-10T15:06:33Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.