Malicious software (malware) poses an increasing threat to the security of communication systems, as the number of interconnected mobile devices increases exponentially. While some existing malware detection and classification approaches successfully leverage network traffic data, they treat network flows between pairs of endpoints independently and thus fail to leverage the rich structural dependencies in the complete network. Our approach first extracts flow graphs and subsequently classifies them using a novel graph neural network model. We present three variants of our base model, which all support malware detection and classification in supervised and unsupervised settings. We evaluate our approach on flow graphs that we extract from a recently published dataset for mobile malware detection that addresses several issues with previously available datasets. Experiments on four different prediction tasks consistently demonstrate the advantages of our approach and show that our graph neural network model can boost detection performance by a significant margin.
翻译:恶意软件(恶意软件)对通信系统的安全构成越来越大的威胁,因为相互关联的移动设备数量成倍增加。虽然一些现有的恶意软件检测和分类方法成功地利用网络流量数据,但它们独立处理端点对对端点之间的网络流动,从而无法利用整个网络中丰富的结构依赖。我们的方法首先提取流动图,然后使用一个新型的图形神经网络模型对其进行分类。我们展示了三个基本模型的变种,这些变种都支持在受监管和不受监督的环境下对恶意软件进行检测和分类。我们评估了我们从最近公布的移动恶意软件检测数据集中提取的流程图,该数据集用以前已有的数据集处理了若干问题。关于四种不同预测任务的实验始终展示了我们方法的优势,并表明我们的图形神经网络模型能够通过显著的边距提高检测性能。