2024 26th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)
2024 26th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC) | 979-8-3315-3283-3/24/$31.00 ©2024 IEEE | DOI: 10.1109/SYNASC65383.2024.00074
Control Flow Graphs against malware: methods of
analysis and detection.
Prejban Mircea-George
Faculty of Mathematics and Computer Science
West University of Timisoara
Timisoara, Romania
[email protected]
[email protected]
Abstract—One key component of a cyberattack is malware. If
a malware program is detected and blocked the cyberattack may
stagger or fail, thus bad actors design their malware programs
with additional characteristics and functionalities that harden
the analysis of the malware program and make the malware
undetectable by antivirus solutions. With the appearance of
more advanced malware new detection methods are needed.
With the help of reverse engineering techniques and software
engineering concepts, one model that analysts can work with is
Control Flow Graphs. Used for software optimization, control-
flow-graphs offer the advantage of graph properties for analysts
to detect malicious particularities in malware samples. This paper
explores some methods of detection and analysis based on control
flow graphs, categorizes them in four categories and highlights
different particularities in these approaches.
Index Terms—Malware, Malware Detection, Control Flow
Graph.
I. I NTRODUCTION
The number of cyberattacks is increasing and the
complexity of cyberthreats is rising. One framework for
cyberattacks is Mitre’s ATT&CK Matrix which focuses on
adversary techniques based on observations from the real
world. [1]. This framework defines a cyberattack as a series
of techniques and additionally profiles APT groups and
malware families with these techniques. By this framework
a cyberattack does not necessarily follow a pattern and is
more explicit as specific techniques can be missing or can be
added. Based on this framework we define a cyberattack as
a series of stages in which bad actors deploy their malicious
actions and assets to achieve their proposed objectives. In
these series of stages one key element that may appear is
malware.
Malware is a software program designed to execute
malicious actions inside a computer system. Malware is
classified based on various factors such as functionality,
characteristics, target system or iterations. Based on this, the
malware kingdom is vast with many types and families of
malicious programs. As bad actors need to achieve multiple
objectives malware programs are designed to have multiple
malicious functionalities. Nowadays we see more and more
hybrid malware which inherits the functionalities of other
malware types. Moreover malware programs are designed
2470-881X/24/$31.00 ©2024 IEEE
DOI 10.1109/SYNASC65383.2024.00074
Authorized licensed use limited to: RV University. Downloaded on March 17,2025 at 05:26:19 UTC from IEEE Xplore. Restrictions apply.
Ciprian Pungila
Faculty of Mathematics and Computer Science
West University of Timisoara
Timisoara, Romania
to be evasive from detection systems and to be persistent.
Evasion can be achieved through mutation mechanisms
such as polymorphism, metamorphism or obfuscation. In
case of malware persistence the focus is on executing the
malicious code for longer periods of time with the malware
being harder to be disrupted and detected. In case of more
advanced malware, which usually have evasion capabilities, it
is necessary to analyze the malware in order to understand its
capabilities and eventually build rules and update signatures
of the protection software.
Malware analysis consists in observing the behaviour of
a malware sample through static and dynamic means. By
static analysis the analysts extracts different information and
characteristics from a malware sample without executing
the malicious program. By dynamic analysis the malware
is being executed and observed inside a safe environment.
Malware analysis is a complex and time-consuming task
as advanced malware employ anti-analysis methods such
as: code obfuscation techniques, packing (compression and
encryption), information hiding, detection of debuggers,
virtual machines and monitoring tools [2]. The process of
malware analysis is being automated for faster detection and
response inside defensive solutions. One of the concepts
which automation in malware analysis focuses on is the
concept of Control Flow Graphs.
Control Flow Graphs (CFG) are directed graph representa-
tions of a program’s code. In these graph representations the
nodes are represented in blocks of code and the edges represent
the flow transitions of the program. Control Flow Graphs
found usages in code analysis and optimization, compilers and
software plagiarism checking [3]. In malware analysis these
control flow graphs give the analyst a bird-view of the malware
samples and moreover the analyst can use different graph prop-
erties to his advantage to find different malware properties.
CFGs are structures with explicit information which present a
good potential for automated detection and analysis.
II. R ESEARCH M ETHODOLOGY
In our study we mainly try to project a taxonomy of
CFG-based malware methods for analysis and detection and
412
highlight the particularities in these methods. As the trend
in developing such methods gained focus on machine and
deep learning we are trying to include methods based on
algorithmic approaches (such as subgraph isomorphism or
pattern matching) and formal approaches (such as automatons
or predicate logic based methods) which most of these were
published over 10 years ago. Pattern matching, for example, is
still used in malware analysis today and represents a worthy
domain to include in our study. In our review we included
papers that:
• propose a detection, classification or analysis method or
tool for malware that at least uses Control Flow Graphs.
• propose a malware characteristic detection method based
on Control Flow Graph. Malware characteristics may
refer, for example, at detection of infected code by
viruses, metamorphic traces in malware programs, etc.
• are published on a trustworthy high-quality plat-
form/database, respectively in our study we picked papers
from platforms such as: IEEE Xplore, ACM Digital
Library, Springer Link and Science Direct.
In our study we are trying to achieve the following objec-
tives:
• Identify the research trends of the methods for malware
detection that use Control Flow Graphs by constructing
a timeline.
• To build a broad categorization of malware detection
methods that use Control Flow Graphs with focus on their
detection methods and procedures used.
• To highlight the use cases of Control Flow Graphs in
the included approaches. This will be reflected on the
procedures applied on CFGs.
The development of CFG-based malware detection methods
shows a wide variety of tactics used against certain types
of malware. In figure 1 we display a timeline of some
methods with a color-coded classification. Red dots represent
algorithmic methods which simply use different algorithmic
procedures for processing and detection, green dots represent
formal methods which focus on automatons and logic, blue
dots are methods based on traditional machine learning models
and violet dots are deep learning based methods which focus
on neuronal networks. From the timeline we observe how more
A.I based detection approaches are being proposed and how
less algorithmic methods are being developed.
III. M ALWARE D ETECTION WITH CFG
Control flow graphs present potential through their
properties in the analysis and detection of malware and
usefulness in other malware related problems. CFGs are
usually firstly extracted automatically from malware samples
using various tools for software reverse engineering such as:
Ghidra, IDA Pro, etc. After extraction, the control flow graph
is used for different procedures that simplify, transform or
extract information. We go through big four categories of
detection methods based on CFGs.
413
Authorized licensed use limited to: RV University. Downloaded on March 17,2025 at 05:26:19 UTC from IEEE Xplore. Restrictions apply.
A. Malware Detection by Algorithms
Malware detection is the process of automatically telling
whether an executable inside a system is malicious or not.
This detection is classically made by checking signatures
from previous analysis (hashes, YARA Rules, etc). This first
category focuses on CFG methods that rely exclusively on
algorithms for processing and detection.
For example, one approach [11] transforms the malware’s
CFG in a structured code then in a string representation with a
proposed grammar. The classification is done by approximate
pattern matching between the strings representations. Later
an new approach [16] based on the same string grammar
representation is proposed, with a filtering phase based on k-
sized subgraphs and n-grams for the string signatures.
One other approach [10] consists in turning the global CFG
of the malware in an Call Graph that contains dangerous API
calls. The detection is done by a custom subgraph matching
algorithm.
B. Malware Detection by Formalization
Control Flow Graphs present usefulness when it comes to
malware detection as it serves as a different way to signature
a malware. Formalization consists in turning the CFG into an
abstract model which shifts the graph semantics to formulae,
grammars and automata.
In this approach, Christodorescu et al. [38] formalizes the
malware’s code into a general representation of an automaton
and uses annotated CFGs to detect traces of malicious code.
The CFGs of each function of the suspected binary file are
extracted and annotated using a library of abstraction patterns.
The abstraction patterns are also formalized representations of
sequences of variables, sequences of instructions and static
analysis predicates.
A different approach [13] transforms the control flow graph
into a pushdown system. The malware patterns are expressed
in special formulae of predicate logic which are used in the
detection method. Additionally, this approach uses a proce-
dure that optimizes the code model by removing irrelevant
instructions.
C. Malware Detection by Machine Learning
One other concept in malware detection focuses on the
usage of machine learning models and data mining. Control
Flow Graphs, besides their semantic value, they also contain
data about the malware. As malware analysts are looking for
different hints through static analysis so a machine learning
model can point out malicious traces automatically, which
shows promise in automatic detection and response.
One approach by Yuxin et al. [17] consists in the extraction
of sequences of assembly opcodes, the usage of two automatic
selection methods for the opcode sequences and classifying the
features with the help of three models: kNN, decision trees and
SVM. In this approach the CFG is reduced to an execution tree
in order to deal with the problem of loops inside the graph
and additionally to get rid of unreachable components. The
concept of control flow graphs is used here for extracting a

[6] [15]
[5] [11] [14] [18]
[4] [7] [8] [9] [10] [12] [13] [16] [17] [19] [20] [21] [22] [23] [26] [27] [29] [35] [36]
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024
Algorithmic Approaches Formal Approaches
Machine Learning Approaches Deep Learning Approaches
Fig. 1. A timeline of CFG-based malware detection approaches with color-coded categories
more concise feature for detection. In this case is the sequences
of assembly instructions.
One other approach [29] focuses on IoT Malware and uses
multiple detection models, one for CFG metrics and another
for action sequences extracted from the suspicious file. For
the graph metrics they use different graph properties which
point out the complexity of the CFG (size, diameter, shortest
path in graph, etc.). The action sequences are build from
an action graph derived from the CFG which represent the
malware behaviour concept the models are working with. The
models chosen for the experimental phase were: C-Means,
SVM, kNN, Naive Bayes, Random forest and Rotation Forest
which showed good overall accuracy.
D. Malware Detection by Deep Learning
Neuronal Networks have proved their efficiency and opened
the gates to a new field of automated problem solving. The
many types of Neural Networks have found their way into
malware detection methods and CFGs are also used with these
types of models to detect malware fast and accurately.
One approach [22] makes the use of Convolutional Neuronal
Networks (CNN) to detect malware from Adjacency Matrices
of CFGs. Moreover, CFGs are being augmented with addi-
tional edges to instructions. Besides CNN, Graph Neuronal
Networks (GNN) and Graph Isomorphism Networks (GIN)
are used. In this approach [33] Attributed CFGs are used with
a GNN based Classifier to generate node embeddings which
are later used to an explainer model for detailed analysis.
IV. S PECIALIZED D ETECTION
Besides general detection of malware, control flow graphs
have seen usage in other sides of malware analysis and
detection. Some methods were specialized in detecting mal-
ware characteristics (such as metamorphism, attack techniques,
infected code, etc.) while other approaches are specialized on
certain types of malware.
For example malware mutation was treated early in the CFG
detection methods timeline. As Polymorphic and Metamorphic
malware represent an advanced threat that can evade hash-
based signature detection, methods of based on CFGs show
promise. One strategy proposed by Bruschi et al. [4] consists
detecting self-mutating malware based on CFG transforma-
tions and comparisons. The normalization process focuses on
Authorized licensed use limited to: RV University. Downloaded on March 17,2025 at 05:26:19 UTC from IEEE Xplore. Restrictions apply.
[34]
[33]
[32]
[25] [31]
[24] [28] [30] [37]
getting rid of the trash code that normally a metamorphic
malware would produce through mutation and it implies
translating the machine code to a more explicit representation
and applying code transformations based on control flow and
data flow analysis. The code comparator phase relies on graph
isomorphism and node and edge labeling on the CFG of the
whole program.
One other malware characteristic detection approach was
focused on infected code. Viruses are malware programs that
leave a payload inside an executable, modifying its behavior.
CFGs proved useful in this case too, with one formal approach
[8] based on tree automata and subgraph isomorphism and
another approach based on data mining [14].
With the appearance of deep learning models specialized
detection got a few new attempts of methods. For cyberthreat
intelligence, automated Malware Homology [25] and identifi-
cation of Attack Techniques [27] are approached using CFGs
and custom architectures composed of CNNs or GNNs.
V. D ISCUSSION
In the Figure 2 we enumerate the problems approached,
additional procedures used on CFGs and detection components
for the studied methods in our proposed categories.
CFGs are useful structures when it comes to malware
analysis. With the need of automated detection methods for
faster detection and response CFGs proved their versatility.
However, in the contrast of performance CFGs tend to be
heavy and complex structures. Malware’s complexity is
determined by many factors such as the malware type, target
platform and malware design. For example, IoT-specialized
malware generate less complex graphs while Android Malware
have more nodes and edges and topological differences [39].
Additionally, for Windows malware the number of nodes may
range from a few hundreds to tens of thousands as Windows
malware has a bigger variety and due to the Windows’s
system particularities and the Windows APIs, which justifies
the need of optimization methods. In every type of approach
we see a form of optimization by code or graph reduction.
For example, for graph reductions we see methods such as
node merging [19], node removal by tree conversion [17].
Other approaches rely on code removal from the nodes for
different purposes. Some approaches take measures in case the
malware program employs anti-analysis techniques such as
414
 Fig. 2. Category table for malware detection approaches on CFGs
obfuscation [4] [9] while other approaches remove most of the
code for analyzing relevant instructions such as API calls [15].
We observe differences in these malware detection methods.
Mainly formal and algorithmic methods revolve over pattern
matching detection [11]. As we are dealing with the concept
of graphs, subgraph isomorphism is also the detection
component for malware [8] [4]. With the introduction of
Artificial Intelligence and machine learning models the
malware methods are now focused heavily on feature
extraction and malicious feature detection. The detection
component is focused on the classifier, the machine learning
model responsible for telling if the binary file is malicious or
not. Quality measures should be taken for the classifiers in
order to enhance their malware detection capabilities such as
adversarial example resistance and richer and balanced data
sets for different malware families and benign samples.
CFG based approaches show promise in specialized
detection, with approaches that prove detection of some
types of more advanced malware. Regarding malware types,
algorithmic and formal approaches were addressing the trend
of threats at those times. For instance the focus was on
viruses, worms, metamorphic and polymorphic malware.
Now these approaches, along with machine-learning based
ones, are taking a focus on new threats that emerged with the
advancements of computer systems and devices. Specifically,
we see methods focused on Android and IoT malware.
Malicious characteristics are also being addressed with
such approaches but predominantly metamorphic [19] and
polymorphic mechanisms [5] were the focus along with
virus infections [8]. Other malware characteristics addressed
through these approaches seem to be cyberthreat related, such
as the MITTRE ATT&CK Techniques Identification [27] and
Malware Homology [25].
415
Authorized licensed use limited to: RV University. Downloaded on March 17,2025 at 05:26:19 UTC from IEEE Xplore. Restrictions apply.
VI. C ONCLUSIONS
In this study we categorized approaches of malware
detection based on CFGs in four broad categories. We built
a timeline of the proposed approaches to better view the
trends and numbers. We also gathered information about their
inner workings, pointing out particularities of their additional
procedures used and detection components. CFGs proved
their performance and versatility in detecting malicious
programs and characteristics while being transmuted into
different models and objects. As the research trend is moving
towards machine learning and deep learning approaches
we expect in the future approaches the use of more graph-
like neuronal networks architectures and more A.I based
models to assist in the additional procedures of these methods.
In the future we propose to extend this study by highlight-
ing graph properties used in malware analysis and detection
through these CFGs and evaluate the performance of each
category of approach with respect to what these approaches
are focusing on detecting as each method contains many
particularities regarding the experimental phases.
R EFERENCES
[1] “Att&ck matrix for enterprise,” https://attack.mitre.org/, last accessed on
9th of June 2024.
[2] Y. Gao, Z. Lu, and Y. Luo, “Survey on malware anti-analysis,” in
Fifth International Conference on Intelligent Control and Information
Processing, 2014, pp. 270–275.
[3] D.-K. Chae, J. Ha, S.-W. Kim, B. Kang, and E. G. Im, “Software
plagiarism detection: a graph-based approach,” in Proceedings of the
22nd ACM international conference on Information & Knowledge Man-
agement, 2013, pp. 1577–1580.
[4] D. Bruschi, L. Martignoni, and M. Monga, “Detecting self-
mutating malware using control-flow graph matching,” in
International Conference on Detection of intrusions and
malware, and vulnerability assessment, 2006. [Online]. Available:
https://api.semanticscholar.org/CorpusID:6148086
[5] C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna, “Poly-
morphic worm detection using structural information of executables,” in
Recent Advances in Intrusion Detection: 8th International Symposium,
 RAID 2005, Seattle, WA, USA, September 7-9, 2005. Revised Papers 8.
Springer, 2006, pp. 207–226.
[6] J. Shin and D. F. Spears, “The basic building blocks of malware,”
Technical Report, University of Wyoming, Tech. Rep., 2006.
[7] G. R. Thompson and L. A. Flynn, “Polymorphic malware detection
and identification via context-free grammar homomorphism,” Bell Labs
Technical Journal, vol. 12, no. 3, pp. 139–147, 2007.
[8] G. Bonfante, M. Kaczmarek, and J.-Y. Marion, “Morphological detection
of malware,” in 2008 3rd International Conference on Malicious and
Unwanted Software (MALWARE). IEEE, 2008, pp. 1–8.
[9] V. P., V. Laxmi, M. S. Gaur, G. P. Kumar, and Y. S. Chundawat,
“Static cfg analyzer for metamorphic malware code,” in Proceedings
of the 2nd International Conference on Security of Information
and Networks, ser. SIN ’09. New York, NY, USA: Association
for Computing Machinery, 2009, p. 225–228. [Online]. Available:
https://doi.org/10.1145/1626195.1626251
[10] H. Guo, J. Pang, Y. Zhang, F. Yue, and R. Zhao, “Hero: A novel
malware detection framework based on binary translation,” in 2010
IEEE International Conference on Intelligent Computing and Intelligent
Systems, vol. 1. IEEE, 2010, pp. 411–415.
[11] S. Cesare and Y. Xiang, “Classification of malware using structured
control flow,” in Proceedings of the Eighth Australasian Symposium on
Parallel and Distributed Computing-Volume 107. Citeseer, 2010, pp.
61–70.
[12] Z. Zhao, “A virus detection scheme based on features of control flow
graph,” in 2011 2nd International Conference on Artificial Intelligence,
Management Science and Electronic Commerce (AIMSEC). IEEE,
2011, pp. 943–947.
[13] F. Song and T. Touili, “Efficient malware detection using model-
checking,” in International Symposium on Formal Methods. Springer,
2012, pp. 418–433.
[14] M. Eskandari and S. Hashemi, “Ecfgm: enriched control flow graph
miner for unknown vicious infected code detection,” Journal in Com-
puter Virology, vol. 8, pp. 99–108, 2012.
[15] P. Faruki, V. Laxmi, M. S. Gaur, and P. Vinod, “Mining control
flow graph as api call-grams to detect portable executable malware,”
in Proceedings of the Fifth International Conference on Security of
Information and Networks, 2012, pp. 130–137.
[16] S. Cesare, Y. Xiang, and W. Zhou, “Control flow-based malware variant-
detection,” IEEE Transactions on Dependable and Secure Computing,
vol. 11, no. 4, pp. 307–317, 2013.
[17] Y. Ding, W. Dai, S. Yan, and Y. Zhang, “Control flow-based opcode
behavior analysis for malware detection,” Computers & Security, vol. 44,
pp. 65–74, 2014.
[18] G. Suarez-Tangil, J. E. Tapiador, P. Peris-Lopez, and J. Blasco, “Den-
droid: A text mining approach to analyzing and classifying code struc-
tures in android malware families,” Expert Systems with Applications,
vol. 41, no. 4, pp. 1104–1117, 2014.
[19] S. Alam, I. Traore, and I. Sogukpinar, “Annotated control flow graph
for metamorphic malware detection,” The Computer Journal, vol. 58,
no. 10, pp. 2608–2621, 2015.
[20] M. A. Atici, S. Sagiroglu, and I. A. Dogru, “Android malware analysis
approach based on control flow graphs and machine learning algo-
rithms,” in 2016 4th International Symposium on Digital Forensic and
Security (ISDFS). IEEE, 2016, pp. 26–31.
[21] M. Leslous, V. V. T. Tong, J.-F. Lalande, and T. Genet, “Gpfinder:
tracking the invisible in android malware,” in 2017 12th International
Conference on Malicious and Unwanted Software (MALWARE). IEEE,
2017, pp. 39–46.
[22] M. H. Nguyen, D. Le Nguyen, X. M. Nguyen, and T. T. Quan, “Auto-
detection of sophisticated malware using lazy-binding control flow graph
and deep learning,” Computers & Security, vol. 76, pp. 128–155, 2018.
[23] H. Alasmary, A. Khormali, A. Anwar, J. Park, J. Choi, A. Abusnaina,
A. Awad, D. Nyang, and A. Mohaisen, “Analyzing and detecting
emerging internet of things malware: A graph-based approach,” IEEE
Internet of Things Journal, vol. 6, no. 5, pp. 8977–8988, 2019.
[24] J. Yan, G. Yan, and D. Jin, “Classifying malware represented as control
flow graphs using deep graph convolutional neural network,” in 2019
49th annual IEEE/IFIP international conference on dependable systems
and networks (DSN). IEEE, 2019, pp. 52–63.
[25] J. Liu, Y. Shen, and H. Yan, “Functions-based cfg embedding for
malware homology analysis,” in 2019 26th International Conference on
Telecommunications (ICT). IEEE, 2019, pp. 220–226.
416
Authorized licensed use limited to: RV University. Downloaded on March 17,2025 at 05:26:19 UTC from IEEE Xplore. Restrictions apply.
[26] H. Alasmary, A. Abusnaina, R. Jang, M. Abuhamad, A. Anwar,
D. Nyang, and D. Mohaisen, “Soteria: Detecting adversarial examples
in control flow graph-based malware classifiers,” in 2020 IEEE 40th
International Conference on Distributed Computing Systems (ICDCS).
IEEE, 2020, pp. 888–898.
[27] J. Fairbanks, A. Orbe, C. Patterson, J. Layne, E. Serra, and M. Scheepers,
“Identifying att&ck tactics in android malware control flow graph
through graph representation learning and interpretability,” in 2021 IEEE
International Conference on Big Data (Big Data). IEEE, 2021, pp.
5602–5608.
[28] B. Wu, Y. Xu, and F. Zou, “Malware classification by learning semantic
and structural features of control flow graphs,” in 2021 IEEE 20th
International Conference on Trust, Security and Privacy in Computing
and Communications (TrustCom). IEEE, 2021, pp. 540–547.
[29] K. Bobrovnikova, S. Lysenko, B. Savenko, P. Gaj, and O. Savenko,
“Technique for iot malware detection based on control flow graph
analysis,” Radioelectronic and Computer Systems, no. 1, pp. 141–153,
2022.
[30] Q. Sun, E. Abdukhamidov, T. Abuhmed, and M. Abuhamad, “Leverag-
ing spectral representations of control flow graphs for efficient analysis
of windows malware,” in Proceedings of the 2022 ACM on Asia Confer-
ence on Computer and Communications Security, 2022, pp. 1240–1242.
[31] Y. Gao, H. Hasegawa, Y. Yamaguchi, and H. Shimada, “Malware
detection by control-flow graph level representation learning with graph
isomorphism network,” IEEE Access, vol. 10, pp. 111 830–111 841,
2022.
[32] ——, “Malware detection using attributed cfg generated by pre-trained
language model with graph isomorphism network,” in 2022 IEEE 46th
Annual Computers, Software, and Applications Conference (COMP-
SAC). IEEE, 2022, pp. 1495–1501.
[33] J. D. Herath, P. P. Wakodikar, P. Yang, and G. Yan, “Cfgexplainer:
Explaining graph neural network-based malware classification from
control flow graphs,” in 2022 52nd Annual IEEE/IFIP International
Conference on Dependable Systems and Networks (DSN). IEEE, 2022,
pp. 172–184.
[34] X. Ling, L. Wu, W. Deng, Z. Qu, J. Zhang, S. Zhang, T. Ma, B. Wang,
C. Wu, and S. Ji, “Malgraph: Hierarchical graph neural networks for
robust windows malware detection,” in IEEE INFOCOM 2022-IEEE
Conference on Computer Communications. IEEE, 2022, pp. 1998–
2007.
[35] F. Ullah, S. Ullah, G. Srivastava, and J. C.-W. Lin, “Droid-mcfg: Android
malware detection system using manifest and control flow traces with
multi-head temporal convolutional network,” Physical Communication,
vol. 57, p. 101975, 2023.
[36] P. K. Tiwari, “Malware detection using control flow graphs,” in 2024
2nd International Conference on Device Intelligence, Computing and
Communication Technologies (DICCT). IEEE, 2024, pp. 216–220.
[37] Y. Gao, H. Hasegawa, Y. Yamaguchi, and H. Shimada, “Malware self-
supervised graph contrastive learning with data augmentation.”
[38] M. Christodorescu and S. Jha, “Static analysis of executables to detect
malicious patterns,” in 12th USENIX Security Symposium (USENIX
Security 03), 2003.
[39] H. Alasmary, A. Anwar, J. Park, J. Choi, D. Nyang, and A. Mohaisen,
“Graph-based comparison of iot and android malware,” in Computa-
tional Data and Social Networks, X. Chen, A. Sen, W. W. Li, and M. T.
Thai, Eds. Cham: Springer International Publishing, 2018, pp. 259–272.