Title | CFGExplainer: Explaining Graph Neural Network-Based Malware Classification from Control Flow Graphs |
Publication Type | Conference Paper |
Year of Publication | 2022 |
Authors | Herath, Jerome Dinal, Wakodikar, Priti Prabhakar, Yang, Ping, Yan, Guanhua |
Conference Name | 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |
Date Published | jun |
Keywords | Deep Learning, flow graphs, graph neural networks, graph theory, Human Behavior, Malware, malware analysis, Measurement, Metrics, privacy, process control, pubcrawl, resilience, Resiliency, Resiliency Coordinator, Task Analysis |
Abstract | With the ever increasing threat of malware, extensive research effort has been put on applying Deep Learning for malware classification tasks. Graph Neural Networks (GNNs) that process malware as Control Flow Graphs (CFGs) have shown great promise for malware classification. However, these models are viewed as black-boxes, which makes it hard to validate and identify malicious patterns. To that end, we propose CFGExplainer, a deep learning based model for interpreting GNN-oriented malware classification results. CFGExplainer identifies a subgraph of the malware CFG that contributes most towards classification and provides insight into importance of the nodes (i.e., basic blocks) within it. To the best of our knowledge, CFGExplainer is the first work that explains GNN-based malware classification. We compared CFGExplainer against three explainers, namely GNNExplainer, SubgraphX and PGExplainer, and showed that CFGExplainer is able to identify top equisized subgraphs with higher classification accuracy than the other three models. |
DOI | 10.1109/DSN53405.2022.00028 |
Citation Key | herath_cfgexplainer_2022 |