Malicious software (malware) poses an increasing threat to the security of
communication systems, as the number of interconnected mobile devices increases
exponentially. While some existing malware detection and classification
approaches successfully leverage network traffic data, they treat network flows
between pairs of endpoints independently and thus fail to leverage the rich
structural dependencies in the complete network. Our approach first extracts
flow graphs and subsequently classifies them using a novel graph neural network
model. We present three variants of our base model, which all support malware
detection and classification in supervised and unsupervised settings. We
evaluate our approach on flow graphs that we extract from a recently published
dataset for mobile malware detection that addresses several issues with
previously available datasets. Experiments on four different prediction tasks
consistently demonstrate the advantages of our approach and show that our graph
neural network model can boost detection performance by a significant margin.

By admin