Professional Documents
Culture Documents
SNDGCN - Robust Android Malware Detection Based On Subgraph Network and Denoising GCN Network
SNDGCN - Robust Android Malware Detection Based On Subgraph Network and Denoising GCN Network
SNDGCN - Robust Android Malware Detection Based On Subgraph Network and Denoising GCN Network
net/publication/379749566
CITATIONS READS
0 83
4 authors, including:
Xiaofeng Lu
Beijing University of Posts and Telecommunications
51 PUBLICATIONS 820 CITATIONS
SEE PROFILE
All content following this page was uploaded by Xiaofeng Lu on 12 April 2024.
Keywords: Android malware seriously affects the use of Android applications, and a growing number of Android malware
Android malware detection developers are using adversarial attacks to evade detection by deep learning models. This work proposes an
Call graph Android malware detection model based on the Android function call graph (FCG) and the denoising graph
Graph convolutional neural network
convolutional network (GCN) that is resistant to adversarial attacks. Methods are also proposed to simplify the
Adversarial attack
FCG to reduce its size, and to construct vertex feature vectors. Because attackers may employ adversarial attack
methods, the proposed model uses the subgraph network (SGN) to detect the underlying structural features of
the FCG to discover the degree of the obfuscation attack. A denoising graph neural network (GNN) is designed,
and the 1-Lipschitz-based neural network denoising method is applied to graph convolution. Moreover, the
degree of denoising is adjusted according to the degree of obfuscation, which enhances the robustness of the
model. The GCN performs the feature vector extraction of the FCG, and a multilayer perceptron (MLP) is used
as the classifier. The results of experiments show that the 𝐹1 value of the proposed Android malware detection
method is higher than those of other malware detection models for different levels of obfuscation attacks, thus
demonstrating its effectiveness against such attacks.
1. Introduction and the misjudgment rate of the model is significantly increased (Grosse
et al., 2016). Although dynamic detection models collect and use the
As an open-source mobile operating system based on the Linux dynamic characteristics of the sample during operation, the dynamic
kernel, Android is popular because of its openness. While the openness characteristics themselves have strong instability and limitations, and
of the Android system brings convenience to developers and users, it it is challenging to ensure that an inspector can capture malicious
has also led to the generation of malicious software based on the An- behavior within a short runtime. It is also impossible to traverse all
droid platform, which has seriously affected the Android environment the logic branches and code branches of the sample software; thus, its
and harmed the interests of users. Therefore, research on the security behavior features cannot be fully obtained.
mechanisms and malware detection of the Android operating system To achieve a better Android malware recognition effect, the ad-
has become a top priority in mobile security (Sihag et al., 2021). vantages of the static and dynamic features of the sample must be
Many researchers have used static (Schmeelk et al., 2015) and dy- combined. To achieve this, features can be extracted from the function
namic (Wong & Lie, 2016) detection methods to study the recognition call graph (FCG, or call graph, CG) of the Android application (Niu
and detection of Android malware. These methods, especially some et al., 2020). Although the FCG is a static feature, it can reflect the
methods based on machine learning and deep learning (Qiu et al., dynamic behavior characteristics of Android applications. However, at
this stage, APK has a large scale, and its FCGs often contain a large
2020), have achieved good results. However, despite their outstanding
number of API nodes. When processing the FCG, a lot of memory space
performance, these models still have some problems. For example, it
is occupied and the detection accuracy is reduced; thus, simplification
is very easy for malware developers to modify the malware’s source
is required (Wu et al., 2019).
code, making the static features of the sample (such as the API call
Second, because the FCG has a non-Euclidean graph data structure,
frequency, opcode sequence, sensitive permissions, etc.) invalid. As a
it is difficult to extract features by convolutional neural networks
result, detection models based solely on static features are vulnerable,
∗ Corresponding author at: National Engineering Center for Mobile Internet Security Technology, Beijing University of Post and Telecommunications, Beijing,
China.
E-mail addresses: luxf@bupt.edu.cn (X. Lu), zhaojl@bupt.edu.cn (J. Zhao), zsh239040@bupt.edu.cn (S. Zhu), pl219@cam.ac.uk (P. Lio).
https://doi.org/10.1016/j.eswa.2024.123922
Received 27 February 2023; Received in revised form 10 March 2024; Accepted 4 April 2024
Available online 10 April 2024
0957-4174/© 2024 Published by Elsevier Ltd.
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
(CNNs) and other methods. In recent years, the concept of the graph method, however, is that the initial detection effect of malware variants
convolutional network (GCN) has emerged, the main idea of which is is weak because the robustness of the model must be enhanced after
to generate the representation of vertices by summarizing the char- training. Furthermore, the dimension of the feature vector used by
acteristics of the vertices themselves and the characteristics of vertex the detection model is relatively singular, and is mainly based on
neighbors. The GCN calculates the representation of vertices by stack- permission information. It is thus difficult to comprehensively cover
ing multiple graph convolution layers. Therefore, the use of a graph various characteristics of Android application samples. İbrahim et al.
neural network (GNN) to process the FCG of the app is proposed in the (2022) studied the features and types of Android malware using a GRU
present work. model, the input of which included numerous Android app features.
Third, assuming that the attacker knows that the malicious code With the introduction of GNNs, researchers began to use these
detection model is based on the FCG, the attacker must use anti-attack networks for malware detection. For instance, Feng et al. (2020) used
technology, such as the Android code obfuscation technique (Dong a GNN to extract the features of call graphs, generate vectorized
et al., 2018), to deceive the detection model. Thus, not only should the representations of Android applications, and then classify them via
FCG be simplified, but some attacks should also be filtered out from the a multilayer perceptron (MLP), and achieved good results. However,
perspective of the FCG. In the proposed method, the first- and second- they also pointed out that although this method has a high recognition
order subgraph networks (SGNs) are used to reconstruct the original rate for Android malware, it cannot defend against adversarial attacks;
FCG to detect the counterattack of the FCG. attackers can avoid detection by obfuscating the source code. Gao
The extant research has generally only considered one technical et al. (2021) proposed GDroid, which uses a heterogeneous GNN to
point in malware detection, such as the node characteristics, graph map applications and Android APIs into a large heterogeneous graph,
construction, the graph scale, the detection model, adversarial training, thereby transforming the original problem into a node classification
etc., while no researchers have studied several issues comprehensively. task. A GNN is used to iteratively generate node embeddings contain-
In addition, no previous studies have analyzed whether adversarial at- ing topology and node features, after which the nodes are classified.
tacks existed in the detected software, and none of the proposed models Experiments carried out by the researchers demonstrated that GDroid
have removed the attack content from the detected data. Thus, when could detect 98.99% of Android malware with a false positive rate of
these models encounter an app that has been modified by hackers, they less than 1%. However, the heterogeneous graphs contain too few types
cannot detect such malicious apps. To solve these problems, this paper of information, including only APPs and APIs, and other important
proposes a robust Android malware detection model based on SGNs information, such as system permissions, is not considered. Therefore,
and a denoising GCN, named SNDGCN, based on the use of the FCGs the robustness of the model to adversarial attacks may be insufficient,
of Android applications. SNDGCN uses the first- and second-order SGNs as an attacker can modify the system’s API calls to evade detection.
to reconstruct the original FCG to detect the adversarial attack of the In addition to FCGs, other types of graphs have been proposed. Lin
FCG. To reduce the influence of the adversarial attack on the model et al. (2023) used CICFlowMeter-V3 to extract more than 80 network
to the greatest possible extent, a 1-Lipschitz-based neural denoising traffic characteristics from three states of software execution (instal-
GCN is applied to remove the attack effect in the detected app, which lation, before reboot, and after reboot) to build a network traffic
can improve the robustness of the model. The proposed method is diagram of the malware. The information in the diagram was then
compared with some baseline models on different datasets, and the analyzed to explore correlations between malware and its family classi-
presence of adversarial attacks is simulated. The experimental results fication. Esmaeili et al. (2023) proposed a dynamic malware detection
show that SNDGCN achieves higher accuracy and 𝐹1 values than the method based on a control flow diagram, in which nodes represent the
state-of-the-art methods, and exhibits significantly higher robustness uninterrupted instruction sequence in the basic instruction block and
against apps with adversarial attacks, thus indicating the effectiveness edges represent the transfer of instruction flow. However, this malware
of the proposed method. detection method based on dynamic analysis has some limitations, such
The main contributions of this research are summarized as follows. as incomplete feature extraction, a dependent execution environment,
and anti-sandbox detection, which may lead to higher misjudgment and
(1) To date, this is the first study to analyze whether adversarial missed judgment.
attacks have been carried out on the tested apps and analyze One disadvantage of using a GNN is that the scale of graph nodes
the extent of the attacks. SGNs are used to detect whether an is large, thus contributing to low graph operation efficiency. As such,
app has undergone adversarial modifications. some researchers have proposed ways to reduce the size of the graph.
(2) This is the first research to automatically adjust the hyper- For instance, to carry out Android malware detection, He et al. (2022)
parameters in the denoising neural network according to the proposed to extract the FCG based on code snippets, and the results
degree of adversarial attacks, thus clarifying the effect of ad- of experiments demonstrated that this method could effectively deal
versarial attacks. with zero-day threats, application evolution, and code obfuscation.
(3) This paper comprehensively studies the multidimensional node However, this detection method based on code fragments ignores the
characteristics of malware, the graph structure, graph pruning, dynamic nature of program execution, destroys the integrity of the ex-
and adversarial attack detection and removal. ecution path of malicious code, and easily leads to higher misjudgment
and missed judgment. Liu et al. (2024) used graph pruning technology
2. Related works to build a sensitive FCG on the original FCG, which retained the context
of sensitive API calls and deleted irrelevant nodes in the FCG.
Before GNNs were applied to malware detection, many other models Because deep learning models are susceptible to adversarial sample
and methods were proposed. DREBIN (Arp et al., 2014) is a lightweight attacks, many methods have been proposed to improve the robustness
Android malware detection method that performs static analysis and of malware detection systems. One research direction is to combine
uses a support vector machine (SVM) to implement sample classifi- GNN models with other models. As an example, Pei et al. (2020)
cation. The main contribution of DREBIN lies in feature engineering; proposed a deep learning framework named AMalNet to learn multiple
it gathers eight features from the code and manifest of an applica- embedding representations for Android malware detection and family
tion. Rathore et al. (2021) designed an adversarial attack method for attributions. It uses a version of the GCN to model high-level graphical
Android malware detection models based on reinforcement learning, semantics, which automatically identifies and learns the semantic and
with the goal of maximizing the deception rate while minimizing sequential patterns. Because the GCN cannot capture dependencies
modifications to Android applications and ensuring the functionality between nodes that are far away from each other in the graph, the GCN
and malicious behavior of the applications. The problem with this was combined with IndRNN to further capture remote dependencies
2
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
between nodes in context. Furthermore, DeepCatra (Wu et al., 2023) is 3.2. Function call graph simplification
a multi-view learning approach for Android malware detection, which
consists of a bidirectional long short-term memory (BiLSTM) network Due to the large scale of APK at this stage, its call graph often
and a GNN as subnets. The two subnets rely on features extracted from contains many API nodes, most of which are ordinary nodes necessary
statically computed call traces leading to critical APIs derived from for application operation. These nodes introduce invalid information,
public vulnerabilities. The node features in this GNN are relatively increase the data complexity of the detection system, and reduce the
simple. detection efficiency. Therefore, some nodes are deleted based on the
Another way to improve the robustness of a GNN is to adopt adver- sensitivity of the API. In the Android operating system, sensitive APIs
sarial training. For instance, Li et al. (2024) proposed a new Android provide some important system-level functions and are protected by the
malware detection method based on imbalanced heterogeneous graph security mechanism of system permissions. While these APIs may also
embedding, which uses a heterogeneous graph to model different types be used in normal applications, in malicious software, they are often
of entities (e.g., APPs, APIs, permissions, intentions, etc.). A generative used to implement some malicious behaviors, such as sending spam
adversarial network (GAN) is used to supplement the unbalanced nodes messages, stealing user information, etc. For example, malicious billing
in the dataset, and a heterogeneous information network is used to de- software may call the API for sending text messages, while software that
tect malware. Yumlembam et al. (2022) proposed the addition of nodes steals privacy information may call the API for accessing the address
and edges to the existing API graph to dynamically generate adversarial book. The list of sensitive APIs considered in this study was obtained
samples and improve the detection accuracy of malware based on GAN from Rasthofer’s analysis (Rasthofer et al., 2014) of sensitive APIs.
training. However, this method of directly adding edges and nodes does However, APIs not on the sensitive APIs list cannot simply be deleted.
not guarantee that the app corresponding to the adversarial sample To simplify the call graph and retain its original structure, an 𝑁-hops
will work, as this type of adversarial attack is not the method used by vertex reservation algorithm is proposed.
hackers in the real world. It was found that a sensitive system API will contain more relevant
The previously discussed studies generally only considered one information in the Android application call graph; thus, the FCG is
technical point in malware detection, such as the node characteristics, simplified depending on the sensitive APIs. Whether an API is reserved
graph construction, graph scale, or model robustness, and did not depends on the distance 𝑁 from it to the nearest sensitive API. The
comprehensively consider these points. Furthermore, none of these vertex deletion rule is as follows. Suppose a vertex is not a sensitive
studies investigated the detection and removal of adversarial attacks on API, and the number of hops between it and its nearest sensitive API
the tested apps. The present work proposes the use of SGNs to detect is 𝑥. If 𝑥 is less than a certain threshold, then the vertex can be
whether an app has undergone adversarial modifications. reserved; otherwise, the vertex will be deleted. In Fig. 2, a blue vertex
represents a sensitive API node and a white vertex represents a normal
API node. The distance between 𝑣𝑒𝑟𝑡𝑒𝑥4 and 𝑣𝑒𝑟𝑡𝑒𝑥6 is two hops. If the
3. Function call graph simplification threshold is 1, then 𝑣𝑒𝑟𝑡𝑒𝑥4 can be removed. The simplified call graph
significantly reduces the number of nodes, thus effectively reducing the
3.1. Function call graph computational resource consumption of large-scale call graph analysis.
Algorithm 1 describes the 𝑁-hops vertex reservation algorithm.
The FCG reflects the internal functions of an Android application, Algorithm 1 𝑁-hops vertex reservation algorithm
including the call relationships between the API and developer-defined 1: for each vertex 𝑖 in 𝑣𝑒𝑟𝑡𝑒𝑥_𝑙𝑖𝑠𝑡 do
functions, which can directly reflect its functional characteristics. 2: 𝑟𝑒𝑚𝑜𝑣𝑒 = 𝑡𝑟𝑢𝑒
The Android FCG can be represented by directed graph 𝐺 = ⟨𝑉 , 𝐸⟩, 3: for each sensitive API vertex 𝑗 do
where 𝑉 represents the set of all vertices in the graph. Each vertex 4: if Distance(𝑖, 𝑗) <= 𝑇 ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 then
represents a function extracted from the unpacked and decompiled 5: # Distance function calculates the hops between 𝑖 and 𝑗
smali code file, including Android system library functions and user- 6: 𝑟𝑒𝑚𝑜𝑣𝑒 = 𝑓 𝑎𝑙𝑠𝑒
defined functions. Moreover, 𝐸 indicates that the graph 𝐺 contains a 7: break
set of all relationships (edges). Edges are also important in the FCG, and 8: end if
represent the process of an Android application executing functions. 9: end for
The edge information can also be obtained by traversing the smali code 10: if 𝑟𝑒𝑚𝑜𝑣𝑒 == 𝑡𝑟𝑢𝑒 then
file. In the FCG, the edges represent the call relationships between 11: 𝑑𝑒𝑙𝑒𝑡𝑒𝑉 𝑒𝑟𝑡𝑒𝑥(𝑖)
vertices. As shown in Fig. 1, in the adjacency matrix 𝐴 of the call 12: end if
graph, the corresponding position element is set to 1 if an edge exists; 13: end for
otherwise, it is 0. If Func1 calls Func2, (1, 2) is set to 1. Several difficulties are encountered when introducing the call graph
In function vertex set 𝑉 , the function of each function is mainly to malware detection. First, the FCG is essentially a non-Euclidean
realized by Java library functions and Android system calls. Therefore, structured data type, and its combination with static features, such as
API call information can continue to be mined from function vertices commonly used permission declarations, is more challenging. Second,
and the API sequence can be extracted as vertex information. there may be tens of thousands of vertices in the call graph of Android
3
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
Table 1 is assumed that the attacker knows that the malicious code detection
The system permissions.
model is based on FCGs, so the attacker can use an obfuscation attack
Permission Group Permission against malicious applications. The attacker will change the static
CALENDAR READ_CALENDAR features of an app while retaining malicious behavior, thus affecting
CAMERA CAMERA
the detection model and evading detection. Specifically, in this study,
CONTACTS READ_CONTACTS
ACCESS_FINE_LOCATION
adversarial attacks are implemented on Android applications via an
LOCATION FCG obfuscation attack.
ACCESS_COARSE_LOCATION
MICROPHONE RECORD_AUDIO An FCG obfuscation attack involves adding redundant edges and
PHONE READ_PHONE_STATE nodes to the FCG. It is assumed that when conducting obfuscation
READ_CALL_LOG
CALL_PHONE attacks, attackers usually prefer to add edges in the FCG rather than
PROCESS_OUTGOING_CALLS
SEND_SMS delete edges. The randomly added edges are redundant edges that do
SMS
READ_SMS not interfere with the normal execution process and the result of the
READ_EXTERNAL_STORAGE program. For example, consider the call chain 𝐴 → 𝐵 in the FCG,
STORAGE
WRITE_EXTERNAL_STORAGE indicating that function 𝐴 calls function 𝐵. Redundant nodes 𝐶 and
𝐷 and redundant edges 𝐴 → 𝐶, 𝐶 → 𝐷, and 𝐷 → 𝐵 can be added to
make the call chain become 𝐴 → 𝐶 → 𝐷 → 𝐵.
application software, and it is also difficult to extract features from If anomalies can be found from the perspective of the underlying
call graphs. Finally, the attacker may obfuscate the malware in various structure of the FCG, the detection of adversarial attacks on the FCG
ways, thus affecting the feature extraction of the detection system and can be realized. Most of the common obfuscation methods for Android
evading detection. applications have strong randomness, i.e., the changes of vertex and
In summary, the research on Android system malware detection edges are often random; thus, SGNs can be used to detect obfuscation
based on call graphs has essential value, and is also a research hotspot attacks. An SGN not only judges whether an Android application is
in this field. obfuscated, but also accurately quantifies the degree of obfuscation to
a certain extent. As a result, the subsequent denoising GCN model can
3.3. Function call graph vertex feature extraction reduce the misjudgment of samples.
After obtaining the simplified call graph node list and adjacency 4.2. Subgraph network
matrix, features for each function must be constructed and quantified.
At present, the common node feature vectorization methods include An SGN is a graph composed of subgraphs in the original graph and
word2vec (Popov, 2017) and one-hot encoding. In the process of word can be regarded as a mapping of the original graph, i.e., the original
embedding, the path information of the library where the node is node-level network is mapped to the subgraph-level network. An SGN
located will be lost; thus, the node characteristics cannot be fully reconstructs graph features to extract the underlying information of
expressed. A new method of constructing vertex features in an FCG is graph-structured data.
thus constructed. A subgraph is defined as follows. Given a graph 𝐺(𝑉 , 𝐸), when set
The vector of each vertex is composed of three parts, namely 𝐹𝑡 , 𝐹𝑚 , 𝑉𝑖 belongs to 𝑉 and set 𝐸𝑖 belongs to 𝐸, 𝑔𝑖 = (𝑉𝑖 , 𝐸𝑖 ) is a subgraph
of 𝐺, and multiple subgraphs of graph 𝐺 can be expressed as 𝑔 =
and 𝐹𝑐 , which are spliced into a vertex feature vector with a length of { }
512. 𝑔𝑖 ⊆ 𝐺 ∣ 𝑖 = 1, 2, … , 𝑛 , where 𝑛 < 𝑁.
An SGN is defined as follows. Given a graph 𝐺(𝑉 , 𝐸), the SGN can be
( )
(1) The vector 𝐹𝑡 represents the path of the library where this func- expressed as 𝐺∗ 𝑉 ∗ , 𝐸 ∗ , where 𝐺∗ represents the set of subgraphs,
{ }
tion is located. If it comes from a developer-defined function, 𝐹𝑡 𝑉 ∗ = 𝑔𝑗 ∣ 𝑗 = 0, 1, … , 𝑛 , and 𝐸 ∗ represents that the two subgraphs
is set to all 0 values. If it comes from the Android framework in the set 𝑉 ∗ are connected. The connection state in the SGN means
layer, the description is the system API. An Android library path that the two subgraphs 𝑔𝑖 and 𝑔𝑗 have a common edge or vertex in the
set 𝐿1 is pre-established to collect the paths of the libraries original graph 𝐺.
where all APIs in the dataset are located, and the paths of each After extracting enough subgraphs from the graph, the connec-
library are then mapped into vectors based on this list. 𝐹𝑡 is the tions between the subgraphs are established according to certain rules,
vector mapped to the path of the library where this function is thereby constructing an SGN. In an FCG, two subgraphs are considered
located. to be connected if and only if they share the same nodes or edges from
(2) Vector 𝐹𝑚 represents the vector mapped by the function name the original graph.
of the current vertex through word2vec. Because functions with For first-order SGNs, an edge in the original graph is represented as
similar names generally have similar use, the user-defined func- a subgraph, denoted as SGN(1), and the connections of all subgraphs
tion vertices with high similarity are defined. form an SGN. Specifically, the edges in the original graph are taken
(3) Vector 𝐹𝑐 represents the system permission information re- as the vertices of the SGN, and the vertices between the edges in the
quired for the execution of the current system API. A system original graph correspond to the connecting edges in the SGN, as shown
permission list was constructed based on a previous study (Au in Fig. 3.
et al., 2012), as presented in Table 1. Because many system API For second-order SGNs, open triangles (with at least two edges)
calls require some system permissions, the mapping between the are defined as the basic subgraph units, denoted as SGN(2). If two
system API and system permissions is established and converted such triangles are connected, the two corresponding vertices in the
into vector 𝐹𝑐 , and, finally, the vertex vector is obtained. second-order SGN are connected, as shown in Fig. 4.
4
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
5
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
Fig. 5. The framework of the Android malware detection model based on the denoising GCN.
hidden representation of the whole graph is converged. At this point, To preserve the important information in the FCG vertices to the
the process of extracting features from the graph data is completed. greatest possible extent, and considering the existing FCG vertex sensi-
The further refinement of Eq. (3) yields the state update formula tivity knowledge based on the research on sensitive Android APIs (Arzt
used in this work, as follows: et al., 2014), 70 Android system APIs were selected as the important
( 𝑙+1 ( ) ) FCG vertices in this study. The set of these vertices is denoted as
ℎ𝑙+1
𝑣 =𝑓 𝑊 ∗ 𝑎𝑔𝑔𝑟𝑒𝑔𝑎𝑡𝑒 ℎ𝑙𝑣 , ℎ𝑙𝑢 , ∀𝑢 ∈ 𝑛𝑒[𝑣] (4)
𝑉𝑠 . For the same function 𝑥, its neighbor relations are often different
where ℎ𝑙+1
𝑣 is the hidden representation of the (𝑙 + 1)-th layer node, 𝑓 in different Android application samples. Therefore, after the graph
is the activation function, 𝑊 𝑙+1 is the weight matrix, 𝑎𝑔𝑔𝑟𝑒𝑔𝑎𝑡𝑒(∗) is convolution calculation, the hidden layer representation of vertex 𝑋
the aggregation function for processing variable-length data, and {ℎ𝑙𝑣 } contains different neighbor information. When the training data con-
is the hidden representation of all neighbor vectors of node 𝑣. Fig. 6 verge through the iterative computation of graph convolution, the
presents the information transmission process of each iteration of the hidden representations of the vertices in 𝑉𝑠 are aggregated to obtain
GCN. the final graph vector representation by Eq. (5).
⨁ ⨁ ⨁
ℎ = ℎ𝑁 ℎ𝑁 ⋯ ℎ𝑁𝑣 , ∀𝑣𝑘 ∈ 𝑉𝑠 (5)
5.2.2. Pooling layer 𝑣
1 𝑣 2 𝑘
6
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
7
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
Table 2
Some statistical information of the call graphs extracted from the datasets.
Type Dataset1 Dataset2
# of graphs 11 000 11 560
# of malicious samples 5500 5560
# of benign samples 5500 6000
# of nodes average in malicious samples 2722 2519
# of nodes average in benign samples 10 372 10 758
# of edges average in malicious samples 6251 5936
# of edges average in benign samples 29 882 31 913
Table 3
The top 10 malicious sample families in dataset1.
Malware family Malicious behavior Quantity
GingerMaste Remote control 379 Fig. 8. The results of the experiment to simplify function call graphs.
FakeInst Malicious deduction 450
SmsAgent Privacy theft, remote control 622
Rogue Hooliganism 645
BadNews Tariff consumption, privacy theft 485
SMSZombie Remote control, fraud 281
Reshare Repackage and camouflage, hooliganism 505
Umeng Malicious deduction 320
QDPlugin Self-start, malicious pop-up 294
Adware Malicious promotion 1270
Others / 6749
samples were used as the training set, and the rest of the samples were
used as the test set. Some statistical information is shown in Table 2.
To prove the effectiveness of the proposed model, the malicious
sample dataset contained 195 malicious families to test the detection
performance of the model for a variety of different malicious behavior
samples. Table 3 reports the top 10 malicious sample families in
dataset1.
Fig. 9. The node degree distribution proportions of the FCG, SGN(1), and SGN(2).
8
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
Fig. 10. The relationship between the 𝐾𝑙 value and the 𝐹1 score. Fig. 12. The model performance under different obfuscation attack levels.
7. Conclusion
Fig. 11. The comparison with other Android malware detection methods.
9
X. Lu et al. Expert Systems With Applications 250 (2024) 123922
Declaration of competing interest İbrahim, M., Issa, B., & Jasser, M. B. (2022). A method for automatic android
malware detection based on static analysis and deep learning. IEEE Access, 10,
117334–117352.
The authors declare that they have no known competing finan-
Li, T., Luo, Y., Wan, X., Li, Q., Liu, Q., Wang, R., Jia, C., & Xiao, Y. (2024). A
cial interests or personal relationships that could have appeared to malware detection model based on imbalanced heterogeneous graph embeddings.
influence the work reported in this paper. Expert Systems with Applications, 246, Article 123109.
Lin, H.-C., Wang, P., Lin, W.-H., Lin, Y.-H., & Chen, J.-H. (2023). Graph neural
Data availability network for malware detection and classification on renewable energy management
platform. In 2023 IEEE 5th eurasia conference on biomedical engineering, healthcare
and sustainability (pp. 164–166). IEEE.
Data will be made available on request. Liu, Z., Wang, R., Japkowicz, N., Gomes, H. M., Peng, B., & Zhang, W. (2024).
SeGDroid: An android malware detection method based on sensitive function call
Acknowledgments graph learning. Expert Systems with Applications, 235, Article 121125.
Niu, W., Cao, R., Zhang, X., Ding, K., Zhang, K., & Li, T. (2020). Opcode-level
function call graph based android malware classification using deep learning.
This research work was supported by National Natural Science Sensors, 20(13), 3645.
Foundation of China (Grant No. 62136006), National Key R&D Program Pei, X., Yu, L., & Tian, S. (2020). AMalNet: A deep learning framework based on graph
of China (Grant No. 2020YFB2104700). convolutional networks for malware detection. Computers & Security, 93, Article
101792.
Popov, I. (2017). Malware detection using machine learning based on word2vec
References embeddings of machine code instructions. In 2017 siberian symposium on data science
and engineering (pp. 1–4). IEEE.
Allix, K., Bissyandé, T. F., Klein, J., & Le Traon, Y. (2016). Androzoo: Collecting millions Qiu, J., Zhang, J., Luo, W., Pan, L., Nepal, S., & Xiang, Y. (2020). A survey of android
of android apps for the research community. In Proceedings of the 13th international malware detection with deep neural models. ACM Computing Surveys, 53(6), 1–36.
conference on mining software repositories (pp. 468–471). Rasthofer, S., Arzt, S., & Bodden, E. (2014). A machine-learning approach for classifying
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., & Siemens, C. (2014). and categorizing android sources and sinks. In NDSS, vol. 14 (p. 1125).
Drebin: Effective and explainable detection of android malware in your pocket.. In Rathore, H., Sahay, S. K., Nikam, P., & Sewak, M. (2021). Robust android malware
Ndss, vol. 14 (pp. 23–26). detection system against adversarial attacks using q-learning. Information Systems
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., Frontiers, 23, 867–882.
& McDaniel, P. (2014). Flowdroid: Precise context, flow, field, object-sensitive Schmeelk, S., Yang, J., & Aho, A. (2015). Android malware static analysis techniques.
and lifecycle-aware taint analysis for android apps. ACM Sigplan Notices, 49(6), In Proceedings of the 10th annual cyber and information security research conference
259–269. (pp. 1–8).
Au, K. W. Y., Zhou, Y. F., Huang, Z., & Lie, D. (2012). Pscout: analyzing the android Sihag, V., Vardhan, M., & Singh, P. (2021). A survey of android application and
permission specification. In Proceedings of the 2012 ACM conference on computer and malware hardening. Computer Science Review, 39, Article 100365.
communications security (pp. 217–228). VirusShare (2019). VirusShare.com. URL https://virusshare.com/whatsnew.
Dong, S., Li, M., Diao, W., Liu, X., Liu, J., Li, Z., Xu, F., Chen, K., Wang, X., & Zhang, K. VirusTotal (2023). VirusTotal - Free Online Virus, Malware and URL Scanner. URL
(2018). Understanding android obfuscation techniques: A large-scale investigation https://www.virustotal.com/old-browsers/home/url.
in the wild. In Security and privacy in communication networks: 14th international Weibull, W. (1951). A statistical distribution function of wide applicability. Journal of
conference, secureComm 2018, Singapore, Singapore, August 8-10, 2018, proceedings, Applied Mechanics.
part i (pp. 172–192). Springer. Wong, M. Y., & Lie, D. (2016). Intellidroid: a targeted input generator for the dynamic
Esmaeili, B., Azmoodeh, A., Dehghantanha, A., Srivastava, G., Karimipour, H., & Lin, J. analysis of android malware. In NDSS, vol. 16, no. 2016 (pp. 21–24).
C.-W. (2023). A GNN-based adversarial internet of things malware detection frame- Wu, Y., Shi, J., Wang, P., Zeng, D., & Sun, C. (2023). DeepCatra: Learning flow-and
work for critical infrastructure: Studying Gafgyt, Mirai and Tsunami campaigns. graph-based behaviours for Android malware detection. IET Information Security,
IEEE Internet of Things Journal. 17(1), 118–130.
Feng, P., Ma, J., Li, T., Ma, X., Xi, N., & Lu, D. (2020). Android malware detection Wu, F., Souza, A., Zhang, T., Fifty, C., Yu, T., & Weinberger, K. (2019). Simplifying
based on call graph via graph neural network. In 2020 international conference on graph convolutional networks. In International conference on machine learning (pp.
networking and network applications (pp. 368–374). IEEE. 6861–6871). PMLR.
Gao, H., Cheng, S., & Zhang, W. (2021). GDroid: Android malware detection and Yumlembam, R., Issac, B., Jacob, S. M., & Yang, L. (2022). Iot-based android malware
classification with graph convolutional network. Computers & Security, 106, Article detection using graph neural network with adversarial defense. IEEE Internet of
102264. Things Journal.
Grosse, K., Papernot, N., Manoharan, P., Backes, M., & McDaniel, P. (2016). Adver- Zhang, C., Pan, X., Li, H., Gardiner, A., Sargent, I., Hare, J., & Atkinson, P. M.
sarial perturbations against deep neural networks for malware classification. arXiv (2018). A hybrid MLP-CNN classifier for very fine resolution remotely sensed image
preprint arXiv:1606.04435. classification. ISPRS Journal of Photogrammetry and Remote Sensing, 140, 133–144.
He, Y., Liu, Y., Wu, L., Yang, Z., Ren, K., & Qin, Z. (2022). Msdroid: Identifying Zhao, X., Zhang, Z., Zhang, Z., Wu, L., Jin, J., Zhou, Y., Jin, R., Dou, D., & Yan, D.
malicious snippets for android malware detection. IEEE Transactionson Dependable (2021). Expressive 1-lipschitz neural networks for robust multiple graph learning
and Secure Computing. against adversarial attacks. In International conference on machine learning (pp.
12719–12735). PMLR.
10