Journal: IT Professional [Institute of Electrical and Electronics Engineers]  Date: 2023-05-01  Volume/Issue: 25 (3): 43-53
Identifier
DOI: 10.1109/mitp.2023.3264509
Abstract
New types and variants of malware are constantly and rapidly being developed, so identifying malware effectively and quickly has become a primary goal of information security analysts. This study proposes a malware detection and classification model based on graph convolutional networks and function call graphs. Analyzing malware executions in a sandbox yields the associations between function calls and functions, from which a graph representing the malware's behavior is constructed. Using the application programming interfaces (APIs) called by the software as nodes, the call relationships between APIs as edges, and the underlying semantics of the APIs as node features, the behavior of the malware is obtained by subgraph integration. The results show that the accuracy and precision of the detection model are 0.945 and 0.95, respectively, and that the accuracy and precision of the classification model are 0.926 and 0.93, respectively. These results are better than those of previously developed methods.
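As an added illustration (not code from the paper) of the graph construction the abstract describes, the following Python builds a GCN-ready behaviour graph from a constructed sandbox trace: APIs as nodes, call relationships as edges, API semantics as one-hot node features, and per-process subgraphs merged by union. The trace format, the semantic categories, and the choice of consecutive-call edges are assumptions, since the abstract does not specify them.

```python
from collections import defaultdict
# Constructed semantic categories (assumption, not the paper's): each API is
# mapped to a coarse behaviour class that becomes its one-hot node feature.
CATEGORIES = ["file", "registry", "network", "process", "memory"]
API_SEMANTICS = {
    "CreateFileW": "file", "WriteFile": "file", "RegSetValueExW": "registry",
    "InternetOpenA": "network", "HttpSendRequestA": "network",
    "CreateProcessW": "process", "VirtualAlloc": "memory", "WriteProcessMemory": "memory",
}
# Constructed sandbox trace in an assumed "<pid> <api>" format (two processes).
SAMPLE_TRACE = """
100 CreateFileW
100 WriteFile
100 CreateProcessW
200 VirtualAlloc
200 WriteProcessMemory
200 InternetOpenA
200 HttpSendRequestA
200 RegSetValueExW
"""
def parse_trace(lines):
    """Group trace lines into per-process API call sequences."""
    per_process = defaultdict(list)
    for line in lines:
        if line.strip() and not line.startswith("#"):
            pid, api = line.split()
            per_process[pid].append(api)
    return per_process

def build_subgraph(calls):
    """One process's subgraph: an edge from each API to the API called next (assumed relation)."""
    return {(a, b) for a, b in zip(calls, calls[1:]) if a != b}

def integrate(per_process):
    """Subgraph integration: union of per-process edge sets over the shared API node set."""
    edges = set().union(*(build_subgraph(c) for c in per_process.values()))
    nodes = sorted({api for calls in per_process.values() for api in calls})
    return nodes, edges

def behaviour_graph(trace=SAMPLE_TRACE):
    """Trace text -> (nodes, edges, A, X): adjacency matrix A and one-hot
    semantic feature matrix X, the inputs a graph convolutional network consumes."""
    nodes, edges = integrate(parse_trace(trace.splitlines()))
    idx = {n: i for i, n in enumerate(nodes)}
    A = [[0] * len(nodes) for _ in nodes]
    for a, b in edges:
        A[idx[a]][idx[b]] = 1
    X = [[int(API_SEMANTICS.get(n) == c) for c in CATEGORIES] for n in nodes]
    return nodes, edges, A, X
```

The returned A and X are plain nested lists so they can be handed to any GCN library after conversion to its tensor type.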