Malicious software (malware) poses an increasing threat to the security of
communication systems as the number of interconnected mobile devices increases
exponentially. While some existing malware detection and classification
approaches successfully leverage network traffic data, they treat network flows
between pairs of endpoints independently and thus fail to leverage rich
communication patterns present in the complete network. Our approach first
extracts flow graphs and subsequently classifies them using a novel edge
feature-based graph neural network model. We present three variants of our base
model, which support malware detection and classification in supervised and
unsupervised settings. We evaluate our approach on flow graphs that we extract
from a recently published dataset for mobile malware detection that addresses
several issues with previously available datasets. Experiments on four
different prediction tasks consistently demonstrate the advantages of our
approach and show that our graph neural network model can boost detection
performance by a significant margin.

By admin