The existing research on Android malware detection using graph neural networks (GNNs) has largely focused on architectural improvements, while input node feature representations have received less systematic attention. This study adopts a representation-centric approach to enhance function call graph (FCG)-based malware classification through interpretability-driven feature engineering. We propose a dual-level structural feature framework integrating local topological patterns with global graph-level properties. The initial feature set comprises 13 dimensions: five local degree profile (LDP) features and eight global structural features capturing community structure, execution flow, and connectivity patterns. To mitigate the curse of dimensionality, we apply an interpretability-driven selection using integrated gradients (IG), gradient-weighted class activation mapping (GradCAM), and Shapley additive explanations (SHAP), yielding an optimized seven-dimensional subset. Experiments on the MalNet-Tiny benchmark demonstrate that the proposed approach achieves 94.47 ± 0.25% accuracy with jumping knowledge GraphSAGE (JK-GraphSAGE), improving the LDP-only baseline by 0.32 percentage points while reducing feature dimensionality by 46%. The selected features exhibit consistent importance across four GNN architectures and multiple message-passing layers, demonstrating model-agnostic effectiveness. The results reveal that aggregation mechanisms critically influence feature utility, highlighting the necessity of interpretability-guided design for robust malware detection. This work provides a systematic methodology for feature engineering in graph-based security applications.
Kim et al. (Wed,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: