Deep Graph Neural Networks for Malware Detection Using Ghidra P-Code

This work examines the effectiveness of using Ghidra P-Code as semantics-based features in a graph neural network-based malware detection system. A preliminary model exhibits a function level precision of similar to 70% and a recall around similar to 60%, and a precision and recall of similar to 55% and similar to 80% respectively for the program level detection task on a dataset of similar to 50,000 control flow graphs extracted from functions of malicious and benign programs. Future improvements to this ongoing project include, but are not limited to, collecting dynamic control flow graph information as opposed to static graphs to provide the model with resilience to advanced malware obfuscation and encryption schemes.