Transparent Malware Detection With Granular Assembly Flow Explainability via Graph Neural Networks

📅 2026-01-20
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the limited fine-grained interpretability of existing graph neural network (GNN)-based malware detection approaches, which struggle to provide transparent, code-traceable decision rationales without compromising performance. To bridge this gap, we propose a novel representation based on assembly flow graphs (AFGs), integrating GNNs with a tunable granularity meta-coarsening strategy. This approach simultaneously enhances inference efficiency and yields fine-grained, interpretable detection results. As the first study to introduce fine-grained interpretability into GNN-based malware detection, we validate our method on the CIC-DGG-2025 dataset, demonstrating its effectiveness in jointly optimizing interpretability and detection performance at specific coarsening levels.

📝 Abstract
As malware continues to become increasingly sophisticated, threatening, and evasive, malware detection systems must keep pace and become equally intelligent, powerful, and transparent. In this paper, we propose the Assembly Flow Graph (AFG) to comprehensively represent the assembly flow of a binary executable as graph data. Importantly, AFGs can be used to extract the granular explanations needed to increase transparency for malware detection using Graph Neural Networks (GNNs). However, since AFGs may be large in practice, we also propose a Meta-Coarsening approach to improve computational tractability via graph reduction. To evaluate our proposed approach, we consider several novel and existing metrics to quantify the granularity and quality of explanations. Lastly, we also consider several hyperparameters in our proposed Meta-Coarsening approach that can be used to control the final explanation size. We evaluate our proposed approach using the CIC-DGG-2025 dataset. Our results indicate that our proposed AFG and Meta-Coarsening approach can provide both increased explainability and inference performance at certain coarsening levels. However, most importantly, to the best of our knowledge, we are the first to consider granular explainability in malware detection using GNNs.

Problem

Research questions and friction points this paper is trying to address.

malware detection
explainability
graph neural networks
transparency
assembly flow graph

Innovation

Methods, ideas, or system contributions that make the work stand out.

Assembly Flow Graph
Graph Neural Networks
Granular Explainability
Meta-Coarsening
Malware Detection