Scientific Reports (Mar 2025)
Evading control flow graph based GNN malware detectors via active opcode insertion method with maliciousness preserving
Abstract
With the continuous advancement of machine learning, numerous malware detection methods that leverage this technology have emerged, presenting new challenges to the generation of adversarial malware. Existing function-preserving adversarial attacks fall short of effectively modifying portable executable (PE) malware control flow graphs (CFGs), and therefore fail to bypass the graph neural network (GNN) models that use CFGs for detection. To solve this issue, we introduce a novel base modification method called active opcode insertion, which modifies PE CFGs while preserving functionality by inserting a processed sequence of benign and jump opcodes that connects to the original base block. Using reinforcement learning, MalAOI identifies optimal insertion points and benign opcode sequences to autonomously generate adversarial malware that evades GNN model detection. We tested our approach on the BODMAS and SOREL-20M datasets, and the results demonstrate that MalAOI-generated adversarial malware achieves an average evasion rate of 93.73% against the GNN detection model, with only a 12.87% increase in byte size.