Graph Neural Networks for Device Driver Malware Detection: A Feature Engineering-Based Approach to Predict Malicious Attacks
摘要
Device drivers are a critical component of modern computing but are increasingly targeted by attackers to gain unauthorized access, execute malicious code, or escalate privileges. Traditional malware detection techniques, such as signature-based and heuristic methods, struggle against advanced threats that employ evasion tactics. To address this, we propose a Graph Neural Network (GNN)-based framework that leverages feature engineering and graph-based learning to detect malicious drivers with high accuracy. By modeling system execution as a graph, our approach captures complex dependencies between API calls, memory accesses, and kernel interactions. We employ Graph Convolutional Networks (GCN) and Graph Attention Networks (GAT) to analyze these relationships, enabling detection of even stealthy and obfuscated malware. Experiments on Windows, Linux, and Android driver datasets demonstrate that our model achieves a 95.8% accuracy, outperforming Random Forest, XGBoost, LSTM, and CNNs. The model is also robust against adversarial evasion techniques, making it a scalable and effective solution for endpoint security, malware sandboxing, and kernel protection.