Visible to the public CFGExplainer: Explaining Graph Neural Network-Based Malware Classification from Control Flow Graphs

TitleCFGExplainer: Explaining Graph Neural Network-Based Malware Classification from Control Flow Graphs
Publication TypeConference Paper
Year of Publication2022
AuthorsHerath, Jerome Dinal, Wakodikar, Priti Prabhakar, Yang, Ping, Yan, Guanhua
Conference Name2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Date Publishedjun
KeywordsDeep Learning, flow graphs, graph neural networks, graph theory, Human Behavior, Malware, malware analysis, Measurement, Metrics, privacy, process control, pubcrawl, resilience, Resiliency, Resiliency Coordinator, Task Analysis
AbstractWith the ever increasing threat of malware, extensive research effort has been put on applying Deep Learning for malware classification tasks. Graph Neural Networks (GNNs) that process malware as Control Flow Graphs (CFGs) have shown great promise for malware classification. However, these models are viewed as black-boxes, which makes it hard to validate and identify malicious patterns. To that end, we propose CFG-Explainer, a deep learning based model for interpreting GNN-oriented malware classification results. CFGExplainer identifies a subgraph of the malware CFG that contributes most towards classification and provides insight into importance of the nodes (i.e., basic blocks) within it. To the best of our knowledge, CFGExplainer is the first work that explains GNN-based mal-ware classification. We compared CFGExplainer against three explainers, namely GNNExplainer, SubgraphX and PGExplainer, and showed that CFGExplainer is able to identify top equisized subgraphs with higher classification accuracy than the other three models.
Citation Keyherath_cfgexplainer_2022