Abstract
Malware detection is of great importance to computer security. Although malware detection approaches have made great progress in recent years, they remain limited in identifying advanced malware that conceals its malicious activities. To address this problem, we present a novel malware detection solution, MDGraph, which is based on memory dumps and a graph neural network. MDGraph first captures a memory dump of the target process at run time. It then applies recursive disassembly to extract from the dump the program functions, each composed of a sequence of assembly instructions, together with the invocation relationships between those functions. Next, the program functions are vectorized with a doc2vec model. Based on the vectorized functions and their call relationships, MDGraph applies a graph neural network model for malware detection. The evaluation shows that our method identifies both unpacked and packed malware effectively and outperforms recent memory-dump-based malware detection methods.
Field | Value
---|---
Original language | English
Article number | 124776
Journal | Expert Systems with Applications
Volume | 255
DOI |
Publication status | Published - 1 Dec 2024
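The pipeline described in the abstract (recursive disassembly of the dumped code into functions, extraction of the call graph, per-function vectors, and a node/edge representation ready for a graph neural network) can be illustrated on a tiny constructed instruction listing. The following is an added example written for this page, not code from the MDGraph authors: the listing, the addresses, the entry point `0x1000` and the use of a mnemonic histogram in place of the doc2vec embedding are all assumptions made for the illustration. It shows the property that makes recursive traversal useful on a memory dump, namely that only code reachable through control flow from the entry point becomes a function node, and that indirect calls (a common evasion in unpacked-in-memory malware) are surfaced as unresolved edges rather than silently dropped.

```python
"""Recursive function discovery and call-graph construction from a disassembled
instruction listing, as a stand-in for the MDGraph front end.

Added illustration, not the paper's own code. The listing below is constructed;
a real run would get it from a disassembler over a process memory dump.
"""
from collections import Counter, deque

# Constructed sample listing: (address, mnemonic, operand).
LISTING = [
    (0x1000, "push", "rbp"),          # entry function
    (0x1001, "call", "0x1020"),
    (0x1006, "call", "0x1040"),
    (0x100b, "pop", "rbp"),
    (0x100c, "ret", ""),
    (0x1020, "push", "rbp"),          # helper that also calls through a register
    (0x1021, "call", "0x1040"),
    (0x1026, "call", "rax"),          # indirect call: target not known statically
    (0x1028, "pop", "rbp"),
    (0x1029, "ret", ""),
    (0x1040, "xor", "eax, eax"),      # leaf function
    (0x1042, "ret", ""),
    (0x1060, "nop", ""),              # unreachable bytes; a linear sweep would
    (0x1061, "ret", ""),              # still turn these into a "function"
]


def build_call_graph(listing, entry):
    """Recursive traversal from `entry`: every direct `call` target starts a new
    function, a function ends at `ret`. Returns (functions, edges, unresolved):
    functions maps start address -> mnemonic sequence, edges is a set of
    (caller, callee) start addresses, unresolved holds (site, operand) for
    calls whose target could not be determined from the listing."""
    by_addr = {addr: (mn, op) for addr, mn, op in listing}
    order = sorted(by_addr)
    next_addr = {a: b for a, b in zip(order, order[1:])}
    functions, edges, unresolved = {}, set(), set()
    worklist = deque([entry])
    while worklist:
        start = worklist.popleft()
        if start in functions or start not in by_addr:
            continue
        body, addr = [], start
        while addr in by_addr:
            mn, op = by_addr[addr]
            body.append(mn)
            if mn == "call":
                if op.startswith("0x"):
                    target = int(op, 16)
                    edges.add((start, target))
                    worklist.append(target)
                else:
                    unresolved.add((addr, op))
            if mn == "ret":
                break
            addr = next_addr.get(addr)
        functions[start] = body
    return functions, edges, unresolved


def vectorize(functions):
    """Mnemonic-histogram vectors, an assumed placeholder for the doc2vec
    embedding used by the paper. Returns (vocabulary, {start -> vector})."""
    vocab = sorted({mn for body in functions.values() for mn in body})
    vectors = {f: [Counter(body)[mn] for mn in vocab] for f, body in functions.items()}
    return vocab, vectors


def to_gnn_input(functions, edges, vectors):
    """Node feature matrix and edge index in the form a GNN library expects:
    rows of `x` are functions in address order, edges use row indices."""
    nodes = sorted(functions)
    index = {f: i for i, f in enumerate(nodes)}
    x = [vectors[f] for f in nodes]
    edge_index = sorted((index[a], index[b]) for a, b in edges if b in index)
    return x, edge_index


if __name__ == "__main__":
    funcs, edges, unresolved = build_call_graph(LISTING, 0x1000)
    vocab, vectors = vectorize(funcs)
    x, edge_index = to_gnn_input(funcs, edges, vectors)
    print("functions:", [hex(f) for f in sorted(funcs)])
    print("edges:", sorted((hex(a), hex(b)) for a, b in edges))
    print("unresolved calls:", sorted((hex(a), op) for a, op in unresolved))
    print("vocab:", vocab)
    print("x:", x, "edge_index:", edge_index)
```

Two points worth noting when reading the output: the bytes at `0x1060` never become a node because nothing reaches them, which is the difference between recursive traversal and a linear sweep over the dump; and the `call rax` at `0x1026` is reported separately, so a practitioner can decide whether to resolve it dynamically (e.g. from register state captured alongside the dump) or treat it as a feature in its own right.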