A novel malware detection method based on audit logs and graph neural network

Yewei Zhen, Donghai Tian*, Xiaohu Fu, Changzhen Hu

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Malicious programs pose a significant threat to cyberspace security, making practical and low-cost malware detection a pressing need. To address this problem, we propose a novel malware detection method based on audit logs and graph neural networks. This method first performs fine-grained parsing of the logs to obtain the process event sequence and the process invocation relationships. Then, we employ a graph convolutional network to generate an embedding vector for each extracted process event, effectively capturing both local and global co-occurrence information. Next, the process structure and the event semantic information are used to construct an event relationship graph for each log sample. Based on these event relationship graphs, we leverage an attention gated graph neural network (AGGNN) for malware detection. The evaluation shows that our approach detects malware effectively with explainable results, and that it outperforms recent malware detection methods based on audit logs.

Original language: English
Article number: 110524
Journal: Engineering Applications of Artificial Intelligence
Volume: 152
DOI
Publication status: Published - 15 Jul 2025
