Fusion of Static and Dynamic Features for Malware Detection: A Graph Neural Network Approach to Behavioral Representation and Classification
Research Article
Open Access
CC BY

Jingyu Tang 1*
1 University of Sydney, Sydney, Australia
*Corresponding author: rara481846778@gmail.com
Published on 4 July 2025
ACE Vol.176
ISSN (Print): 2755-273X
ISSN (Online): 2755-2721
ISBN (Print): 978-1-80590-239-3
ISBN (Online): 978-1-80590-240-9

Abstract

This study proposes a novel malware detection framework that integrates static and dynamic analysis and processes both modalities jointly through a unified graph neural network architecture. Control-flow and data-dependency features are extracted from the binary disassembly, and system call sequences with timing attributes are captured in a sandbox environment. Both feature types are encoded as heterogeneous relationship graphs, and a two-branch network processes the static topology (graph convolutional layer) and the dynamic sequence (graph attention layer) separately. A feature fusion module then produces the classification decision. On the EMBER, VirusShare, and CIC-MalMem benchmark test sets, the framework's accuracy exceeded 95%, which is 4 to 7 percentage points higher than the single-modal baseline. Recall on unknown malware families remained above 92%, and single-sample detection time was less than 50 milliseconds. The ablation experiment confirmed that static features effectively resist packer-based obfuscation and that dynamic temporal attributes improve the recognition of metamorphic malware. The current system is limited against anti-sandbox (sandbox evasion) techniques. Future work could combine reinforcement learning to dynamically adjust the sandbox depth and introduce contrastive learning to improve the discriminative ability of the graph embeddings.

Keywords:

Malware Detection, Graph Neural Networks, Static Analysis, Dynamic Analysis, Feature Fusion
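
The two-branch design described in the abstract, as an added NumPy sketch that is not the paper's code: a graph convolutional layer over a control-flow graph, a single-head graph attention layer over a graph built from a timed system call trace, and a fusion step. The node features, mean pooling, concatenation-based fusion, layer sizes and untrained random weights are all assumptions made for illustration, and the sample graph and trace are constructed.

```python
import numpy as np

def gcn_layer(A, X, W):
    # Static branch: ReLU(D^-1/2 (A + I) D^-1/2 X W) over the control-flow graph.
    A_hat = A + np.eye(len(A))
    d = A_hat.sum(axis=1) ** -0.5
    return np.maximum((A_hat * d[:, None] * d[None, :]) @ X @ W, 0.0)

def gat_layer(A, X, W, a):
    # Dynamic branch: single-head attention; node i attends to itself and its neighbours.
    H = X @ W
    f = H.shape[1]
    e = (H @ a[:f])[:, None] + (H @ a[f:])[None, :]   # a^T [h_i || h_j]
    e = np.where(e > 0, e, 0.2 * e)                    # LeakyReLU
    e = np.where(A + np.eye(len(A)) > 0, e, -np.inf)   # mask non-edges
    alpha = np.exp(e - e.max(axis=1, keepdims=True))
    alpha /= alpha.sum(axis=1, keepdims=True)
    return np.maximum(alpha @ H, 0.0), alpha

def syscall_graph(trace):
    # Nodes: distinct calls; edges: consecutive calls; features: one-hot id + first-seen time.
    names = sorted({name for _, name in trace})
    idx = {n: i for i, n in enumerate(names)}
    A = np.zeros((len(names), len(names)))
    for (_, u), (_, v) in zip(trace, trace[1:]):
        if u != v:
            A[idx[u], idx[v]] = A[idx[v], idx[u]] = 1.0
    t_end = trace[-1][0] or 1.0
    first = [next(t for t, n in trace if n == name) / t_end for name in names]
    return names, A, np.hstack([np.eye(len(names)), np.array(first)[:, None]])

def classify(cfg_A, cfg_X, trace, params):
    # Fusion (assumed): mean-pool each branch, concatenate, linear layer + softmax.
    _, dyn_A, dyn_X = syscall_graph(trace)
    h_static = gcn_layer(cfg_A, cfg_X, params["W_gcn"]).mean(axis=0)
    h_dynamic, _ = gat_layer(dyn_A, dyn_X, params["W_gat"], params["a"])
    z = np.concatenate([h_static, h_dynamic.mean(axis=0)]) @ params["W_out"]
    p = np.exp(z - z.max())
    return p / p.sum()                                  # [P(benign), P(malicious)]

# Constructed sample: 4 basic blocks (entry -> branch -> two arms) and a timed trace.
CFG_A = np.array([[0, 1, 0, 0], [1, 0, 1, 1], [0, 1, 0, 0], [0, 1, 0, 0]], float)
CFG_X = np.array([[3, 0], [5, 1], [2, 2], [7, 0]], float)  # [instr count, call count] per block
TRACE = [(0.0, "NtOpenFile"), (0.4, "NtReadFile"), (0.9, "NtWriteFile"), (1.5, "NtReadFile")]
rng = np.random.default_rng(0)                          # untrained weights: shows data flow only
PARAMS = {"W_gcn": rng.normal(size=(2, 8)), "W_gat": rng.normal(size=(4, 8)),
          "a": rng.normal(size=16), "W_out": rng.normal(size=(16, 2))}

if __name__ == "__main__":
    print(classify(CFG_A, CFG_X, TRACE, PARAMS))
```

Because the weights are random, the output probabilities carry no meaning; the sketch shows how the static and dynamic graphs flow through separate branches before a joint decision.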

Tang, J. (2025). Fusion of Static and Dynamic Features for Malware Detection: A Graph Neural Network Approach to Behavioral Representation and Classification. Applied and Computational Engineering, 176, 16-22.

Data availability

The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.

About volume

Volume title: Proceedings of the 3rd International Conference on Machine Learning and Automation

ISBN: 978-1-80590-239-3(Print) / 978-1-80590-240-9(Online)
Editor: Hisham AbouGrad
Conference website: 978-1-80590-240-9
Conference date: 17 November 2025
Series: Applied and Computational Engineering
Volume number: Vol.176
ISSN: 2755-2721(Print) / 2755-273X(Online)