BejaGNN: Behavior-based Java Malware Detection via Graph Neural Network

Abstract

Abstract As a popular platform-independent language, Java is widely used in enterprise applications. In the past few years, language vulnerabilities exploited by Java malware have become increasingly prevalent, which cause threats for multi-platform. Security researchers continuously propose various approaches for fighting against Java malware programs. However, the presence of complex hidden techniques, such as code obfuscation, makes identifying complicated Java malware become challenging. Therefore, there is an urgent need to develop new approaches for resisting hidden techniques. In this paper, we present BejaGNN, a novel behavior-based Java malware detection method using static analysis, word embedding technique, and graph neural network. Specifically, BejaGNN leverages static analysis techniques to extract ICFGs from Java program files and then prunes these ICFGs to remove noisy instructions. Then, work embedding techniques are adopted to learn semantic representations for Java bytecode instructions. Finally, BejaGNN builds a graph neural network classifier to determine the maliciousness of Java programs. Experimental results on a public Java bytecode benchmark demonstrate that BejaGNN achieves high F1 98.8% and is superior to existing Java malware detection approaches, which verifies the promise of graph neural network in Java malware detection.