Malware Detection Using Dynamic Graph Neural Networks

Authors

  • Pushkaraj Kulkarni, TU Dublin
  • Stephen O’Shaughnessy

DOI:

https://doi.org/10.34190/eccws.24.1.3459

Keywords:

Malware detection, API call sequences, Dynamic graph neural networks, Machine learning, Endpoint security

Abstract

The increasing complexity and sophistication of malware pose significant challenges to traditional detection techniques. Conventional methods like signature-based detection are ineffective against advanced threats such as polymorphic and zero-day malware. This research investigates the application of Dynamic Graph Neural Networks (DGNNs) for malware detection using a dataset of API call sequences. DGNNs, an advanced form of Graph Neural Networks, are capable of modeling dynamic graphs, capturing both the temporal and structural evolution of API interactions. Using these strengths, the study develops and evaluates a DGNN-based framework designed to effectively distinguish between benign and malicious behavior in real time, demonstrating its suitability for detecting complex, evolving malware patterns. The results show that DGNNs outperform traditional machine learning models in detecting complex malware patterns, achieving high accuracy of up to 97%, F1 scores of up to 98% in unbalanced datasets, and competitive results in balanced datasets. The models also achieved ROC-AUC scores exceeding 97% in specific configurations, highlighting their effectiveness in identifying advanced malware patterns and resilience against novel threats. Although challenges in scalability and computational complexity remain, this work proposes potential solutions to enhance practical implementation. These findings highlight the potential of DGNNs to transform malware detection and significantly improve endpoint security, making them a promising tool for addressing the evolving challenges of modern cybersecurity.

Author Biographies

Pushkaraj Kulkarni, TU Dublin

Pushkaraj Kulkarni is a cybersecurity professional with a Master’s in Applied Cyber Security from TU Dublin and a Bachelor’s in Computer Engineering from the University of Mumbai. Pushkaraj is passionate about threat analysis, incident response and malware detection, and is dedicated to continuous learning and to continuously expanding their expertise while currently working at Eurofins Biomnis.

Stephen O’Shaughnessy

Stephen O’Shaughnessy is a lecturer in Cyber Security at the TU Dublin Blanchardstown campus, where he specialises in Secure Coding, Application Security and Malware Forensics. He is also Programme Coordinator for the MSc. in Applied Cyber Security programmes. Stephen holds a PhD in Malware Classification, which is where his main research interests lie.

Published

2025-06-25