Security in cyberspace has become a global challenge as cyberspace has become the fifth sovereign space after land, sea, air, and sky. The importance of studying malware detection cannot be overstated, given the prevalence of malware in cyber-attacks. Graph convolutional neural networks have shown powerful potential in different sectors as a deep learning approach for non-Euclidean spatial data, but how to apply them to malware still requires a lot of research. To address this situation, this paper proposes a malware detection model based on graph convolutional neural networks, which can effectively detect whether an executable program is malware. In addition, because malware can have multiple class labels, a malware multi-label detection model is proposed, which can detect the multiple labels of a malware sample. The main research contents and results obtained in this paper are as follows.

(1) Based on the function call graph structure, the graph convolutional neural network is introduced to the field of malware detection. The function call graph can reflect the real behavior of the executable program: the operation code in a node represents the operation of the program when running, and the edge connections between nodes reflect the call relationships between different functions at run time. The semantic information of operands in nodes is extracted using the Word2Vec algorithm in this paper to provide graph data that can be used to train graph convolutional neural networks.

(2) A malware detection model based on graph convolutional networks is proposed. A graph's own node features and nearby node features are extracted using the graph convolutional neural network’s ability to aggregate information from neighboring nodes. To better perform the graph classification task, a graph pooling algorithm is introduced to extract the global information of the function call graph, and the extracted global vector is fed into a multilayer linear network to complete the malware detection. The experimental results show that good performance is achieved in terms of accuracy, precision, and recall.

(3) A multi-label classification model of malware based on graph convolutional networks is proposed. Considering the influence of label relationships on the classification performance of the multi-label model, a method of constructing a label relationship graph using pointwise mutual information is proposed. The magnitude of the pointwise mutual information indicates the strength of the edge connecting two labels. The label relationship graph is trained by the graph convolution algorithm to learn the potential relationships between labels, and is finally combined with the malware classification model modified from (2) to complete the multi-label classification task. The experimental results show that the model can be effectively used for malware multi-label classification.
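
The label relationship graph in (3) can be illustrated with the following added example, which is not code from the paper. It assumes the standard PMI definition log(p(a,b) / (p(a) p(b))), an edge threshold of 0, and the common symmetric GCN normalization; the label names and sample data are constructed.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed sample data: the label set assigned to each malware sample.
SAMPLES = [
    {"trojan", "downloader"}, {"trojan", "downloader"},
    {"trojan", "backdoor"}, {"ransomware"},
    {"ransomware", "trojan"}, {"worm", "backdoor"},
    {"worm"}, {"downloader"},
]

def pmi_label_graph(samples, threshold=0.0):
    """Build a weighted label graph: edge weight = PMI when PMI > threshold.

    The threshold value is an assumption; the abstract does not state one.
    Returns (sorted label list, symmetric adjacency matrix).
    """
    n = len(samples)
    single = Counter(label for s in samples for label in s)
    # Sorting each label set gives every co-occurring pair one canonical key.
    pairs = Counter(p for s in samples for p in combinations(sorted(s), 2))
    labels = sorted(single)
    index = {label: i for i, label in enumerate(labels)}
    adj = [[0.0] * len(labels) for _ in labels]
    for (a, b), count in pairs.items():
        # PMI > 0: the labels co-occur more often than independence predicts.
        pmi = math.log((count / n) / ((single[a] / n) * (single[b] / n)))
        if pmi > threshold:
            adj[index[a]][index[b]] = adj[index[b]][index[a]] = pmi
    return labels, adj

def normalize(adj):
    """Symmetric normalization D^-1/2 (A + I) D^-1/2, the usual GCN input.

    Assumes non-negative edge weights, which holds for threshold >= 0.
    """
    n = len(adj)
    a_hat = [[adj[i][j] + (1.0 if i == j else 0.0) for j in range(n)]
             for i in range(n)]
    d = [1.0 / math.sqrt(sum(row)) for row in a_hat]
    return [[d[i] * a_hat[i][j] * d[j] for j in range(n)] for i in range(n)]

if __name__ == "__main__":
    labels, adj = pmi_label_graph(SAMPLES)
    for i, j in combinations(range(len(labels)), 2):
        if adj[i][j]:
            print(f"{labels[i]} -- {labels[j]}: PMI = {adj[i][j]:.4f}")
```

In this constructed data, "trojan" co-occurs with "backdoor" and with "ransomware" exactly as often as independence predicts (PMI = 0), so those pairs get no edge, while "trojan"/"downloader" and "backdoor"/"worm" do.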