Affiliation:
1. School of Cyber Engineering, Xidian University, Xi’an, Shaanxi, China
2. School of Computer Science & Technology, Xidian University, Xi’an, Shaanxi, China
Abstract
With the widespread usage of Android smartphones in our daily lives, the Android platform has become an attractive target for malware authors. There is an urgent need to develop an automatic malware detection approach to prevent the spread of malware. The low code coverage and poor efficiency of dynamic analysis limit the large-scale deployment of malware detection methods based on dynamic features. Therefore, researchers have proposed a plethora of detection approaches based on abundant static features to provide efficient malware detection. This paper explores the direction of Android malware detection based on graph representation learning. Without complex feature graph construction, we propose a new Android malware detection approach based on lightweight static analysis via the graph neural network (GNN). Instead of directly extracting Application Programming Interface (API) call information, we further analyze the source code of Android applications to extract high-level semantic information, which raises the barrier to evading detection. In particular, we construct approximate call graphs from function invocation relationships within an Android application to represent this application and further extract intrafunction attributes, including required permission, security level, and Smali instructions’ semantic information via Word2Vec, to form the node attributes within graph structures. We then use the graph neural network to generate a vector representation of the application, and malware detection is performed in this representation space. We conduct experiments on real-world application samples. The experimental results demonstrate that our approach achieves highly effective malware detection and outperforms state-of-the-art detection approaches.
Funder
Fundamental Research Funds for the Central Universities
Subject
Computer Networks and Communications, Computer Science Applications
Cited by
11 articles.