Malware Detection Analysis Using Gated Graph Neural Networks and Graph Convolutional Networks

Published at the 2025 1st International Conference on Artificial Intelligence Technology (ICoAIT), IEEE. This paper introduces a practical malware detection framework that transforms memory-dump features into graph structures and analyzes them using a sequential hybrid architecture combining Gated Graph Neural Networks (GGNN) and Graph Convolutional Networks (GCN).

The exponential growth of malware threats has created an urgent need for adaptive and accurate detection methods. Traditional approaches that require binary disassembly or CFG extraction are computationally expensive and not scalable.

Developed a sequential hybrid architecture (GGNN→GCN) that constructs graphs efficiently via feature similarity from memory-dump data, enabling scalable deployment. Validated with ablations, comparisons, and diagnostic visualizations.

On a balanced dataset of 58,596 samples: 98.20% accuracy, 97.55% precision, 98.88% recall, 98.21% F1-score, AUC-ROC ≈ 0.999, PR-AUC = 1.00. Outperforms single-architecture baselines and recent methods.