Abstract
Malware behavioral graphs provide a rich source of information that can
be leveraged for detection and classification tasks. In this paper, we
propose a novel behavioral malware detection method based on Deep Graph
Convolutional Neural Networks (DGCNNs) to learn directly from API call
sequences and their associated behavioral graphs. In order to train and
evaluate the models, we created a new public domain dataset of more than
40,000 API call sequences resulting from the execution of malware and
goodware instances in a sandboxed environment. Experimental results show
that our models achieve similar Area Under the ROC Curve (AUC-ROC) and
F1-Score to Long Short-Term Memory (LSTM) networks, widely used as the
base architecture for behavioral malware detection methods, thus
indicating that the models can effectively learn to distinguish between
malicious and benign temporal patterns through convolution operations on
graphs. To the best of our knowledge, this is the first paper that
investigates the applicability of DGCNN to behavioral malware detection
using API call sequences.