Behavioral Drift–Aware Malware Detection: A Survey of Graph Neural Networks for Explainable and Operational Deployment
1. Yogesh S,
Student, St Peters Institute for Higher Education and Research, India
2. Sheela E,
Assistant Professor, St Peters Institute for Higher Education and Research, India
This survey presented a comprehensive review of graph-based malware detection techniques leveraging Graph Neural Networks (GNNs), with a particular focus on behavioral drift, explainability, adversarial robustness, and operational deployment. As modern malware increasingly adopts obfuscation, polymorphism, and adaptive execution strategies, traditional static and signature-based approaches have become insufficient. Graph-based representations, including static, dynamic, and hybrid behavior graphs, offer a powerful abstraction for capturing the structural and semantic characteristics of malware behavior.
We systematically examined malware behavior graph construction techniques, state-of-the-art GNN architectures, and diverse learning paradigms ranging from supervised to self-supervised and continual learning. Special emphasis was placed on explainable AI (XAI) methods, which are essential for building trust and enabling effective integration of GNN-based detectors into real-world security operations. Furthermore, we analyzed adversarial attacks targeting graph-based detectors and reviewed robustness-enhancing strategies necessary for sustaining long-term effectiveness under evolving threat landscapes.
Through a detailed discussion of datasets, evaluation protocols, and deployment considerations, this survey highlighted the gap between academic research and practical deployment. Finally, we identified key open research challenges and outlined future directions aimed at building scalable, interpretable, and resilient malware detection systems capable of adapting to behavioral drift and adversarial manipulation. We hope this survey serves as a valuable reference and roadmap for researchers and practitioners working toward operationally deployable GNN-based malware defense solutions.
The author(s) conducted the literature review, analyzed existing malware detection techniques, organized the findings, and wrote the manuscript. All authors reviewed and approved the final version of the manuscript.
This research received no external funding.
The authors declare no conflict of interest.
No new data were created or analyzed in this study. Data sharing is not applicable to this article.
Reference management and manuscript preparation were carried out using standard word processing and citation management tools.
Not applicable.
Copyright: ©2026 Corresponding Author. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
S, Yogesh, and E, Sheela. “Behavioral Drift–Aware Malware Detection: A Survey of Graph Neural Networks for Explainable and Operational Deployment.” Scientific Research Journal of Science, Engineering and Technology, vol. 4, no. 1, 2026, pp. 10-26, https://isrdo.org/journal/SRJSET/currentissue/behavioral-driftaware-malware-detection-a-survey-of-graph-neural-networks-for-explainable-and-operational-deployment