Towards Transparent Malware Detection With Granular Explainability: Backtracking Meta-Coarsened Explanations Onto Assembly Flow Graphs With Graph Neural Networks

• URL: http://arxiv.org/abs/2601.14511v1
• Date: Tue, 20 Jan 2026 22:05:07 GMT
• Title: Towards Transparent Malware Detection With Granular Explainability: Backtracking Meta-Coarsened Explanations Onto Assembly Flow Graphs With Graph Neural Networks
• Authors: Griffin Higgins, Roozbeh Razavi-Far, Hossein Shokouhinejad, Ali A. Ghorbani,
• Abstract summary: We propose Assembly Flow Graph (AFG) to represent the assembly flow of a binary executable as graph data.<n>AFG can be used to extract granular explanations needed to increase transparency for malware detection using Graph Neural Networks (GNNs)<n>We also propose a Meta-Coarsening approach to improve computational tractability via graph reduction.
• Score: 4.437835658886064
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: As malware continues to become increasingly sophisticated, threatening, and evasive, malware detection systems must keep pace and become equally intelligent, powerful, and transparent. In this paper, we propose Assembly Flow Graph (AFG) to comprehensively represent the assembly flow of a binary executable as graph data. Importantly, AFG can be used to extract granular explanations needed to increase transparency for malware detection using Graph Neural Networks (GNNs). However, since AFGs may be large in practice, we also propose a Meta-Coarsening approach to improve computational tractability via graph reduction. To evaluate our proposed approach we consider several novel and existing metrics to quantify the granularity and quality of explanations. Lastly, we also consider several hyperparameters in our proposed Meta-Coarsening approach that can be used to control the final explanation size. We evaluate our proposed approach using the CIC-DGG-2025 dataset. Our results indicate that our proposed AFG and Meta-Coarsening approach can provide both increased explainability and inference performance at certain coarsening levels. However, most importantly, to the best of our knowledge, we are the first to consider granular explainability in malware detection using GNNs.

Related papers

• Explainable Attention-Guided Stacked Graph Neural Networks for Malware Detection [2.6436521007616114]
  We propose a novel stacking ensemble framework for graph-based malware detection and explanation.<n>Our framework improves classification performance while providing insightful interpretations of malware behavior.
  arXiv  Detail & Related papers  (2025-08-13T13:33:02Z)
• On the Consistency of GNN Explanations for Malware Detection [2.464148828287322]
  Control Flow Graphs (CFGs) are critical for analyzing program execution and characterizing malware behavior.<n>This study proposes a novel framework that dynamically constructs CFGs and embeds node features using a hybrid approach.<n>A GNN-based classifier is then constructed to detect malicious behavior from the resulting graph representations.
  arXiv  Detail & Related papers  (2025-04-22T23:25:12Z)
• Explainable Malware Detection through Integrated Graph Reduction and Learning Techniques [2.464148828287322]
  Control Flow Graphs and Function Call Graphs have become pivotal in providing a detailed understanding of program execution.<n>These graph-based representations, when combined with Graph Neural Networks (GNN), have shown promise in developing high-performance malware detectors.<n>This paper addresses these issues by developing several graph reduction techniques to reduce graph size and applying the state-of-the-art GNNExplainer to enhance the interpretability of GNN outputs.
  arXiv  Detail & Related papers  (2024-12-04T18:59:45Z)
• BOURNE: Bootstrapped Self-supervised Learning Framework for Unified Graph Anomaly Detection [50.26074811655596]
  We propose a novel unified graph anomaly detection framework based on bootstrapped self-supervised learning (named BOURNE) By swapping the context embeddings between nodes and edges, we enable the mutual detection of node and edge anomalies. BOURNE can eliminate the need for negative sampling, thereby enhancing its efficiency in handling large graphs.
  arXiv  Detail & Related papers  (2023-07-28T00:44:57Z)
• DEGREE: Decomposition Based Explanation For Graph Neural Networks [55.38873296761104]
  We propose DEGREE to provide a faithful explanation for GNN predictions. By decomposing the information generation and aggregation mechanism of GNNs, DEGREE allows tracking the contributions of specific components of the input graph to the final prediction. We also design a subgraph level interpretation algorithm to reveal complex interactions between graph nodes that are overlooked by previous methods.
  arXiv  Detail & Related papers  (2023-05-22T10:29:52Z)
• Edge Graph Neural Networks for Massive MIMO Detection [15.970981766599035]
  Massive Multiple-Input Multiple-Out (MIMO) detection is an important problem in modern wireless communication systems. While traditional Belief Propagation (BP) detectors perform poorly on loopy graphs, the recent Graph Neural Networks (GNNs)-based method can overcome the drawbacks of BP and achieve superior performance.
  arXiv  Detail & Related papers  (2022-05-22T08:01:47Z)
• Black-box Node Injection Attack for Graph Neural Networks [29.88729779937473]
  We study the possibility of injecting nodes to evade the victim GNN model. Specifically, we propose GA2C, a graph reinforcement learning framework. We demonstrate the superior performance of our proposed GA2C over existing state-of-the-art methods.
  arXiv  Detail & Related papers  (2022-02-18T19:17:43Z)
• Deep Fraud Detection on Non-attributed Graph [61.636677596161235]
  Graph Neural Networks (GNNs) have shown solid performance on fraud detection. labeled data is scarce in large-scale industrial problems, especially for fraud detection. We propose a novel graph pre-training strategy to leverage more unlabeled data.
  arXiv  Detail & Related papers  (2021-10-04T03:42:09Z)
• Information Obfuscation of Graph Neural Networks [96.8421624921384]
  We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data. We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
  arXiv  Detail & Related papers  (2020-09-28T17:55:04Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)
• Graph Representation Learning via Graphical Mutual Information Maximization [86.32278001019854]
  We propose a novel concept, Graphical Mutual Information (GMI), to measure the correlation between input graphs and high-level hidden representations. We develop an unsupervised learning model trained by maximizing GMI between the input and output of a graph neural encoder.
  arXiv  Detail & Related papers  (2020-02-04T08:33:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.