Deep Graph Neural Networks for Malware Detection Using Ghidra P-Code

Abstract: This work examines the effectiveness of using Ghidra P-Code as semantics-based features in a graph neural network-based malware detection system. A preliminary model exhibits a function level precision of ∼70% and a recall around ∼60%, and a precision and recall of ~55% and ~80% respectively for the program level detection task on a dataset of ∼50,000 control flow graphs extracted from functions of malicious and benign programs. Future improvements to this ongoing project include, but are not limited to, colle… Show more