poster

Detecting and categorizing Android malware with graph neural networks

Authors:

Claudia Eckert,

Apostolis ZarrasAuthors Info & Claims

SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied Computing

Pages 409 - 412

https://doi.org/10.1145/3412841.3442080

Published: 22 April 2021 Publication History

Abstract

Android is the most dominant operating system in the mobile ecosystem. As expected, this trend did not go unnoticed by miscreants, and quickly enough, it became their favorite platform for discovering new victims through malicious apps. These apps have become so sophisticated that they can bypass anti-malware measures implemented to protect the users. Therefore, it is safe to admit that traditional anti-malware techniques have become cumbersome, sparking the urge to come up with an efficient way to detect Android malware. In this paper, we present a novel Natural Language Processing (NLP) inspired Android malware detection and categorization technique based on Function Call Graph Embedding. We design a graph neural network (graph embedding) based approach to convert the whole graph structure of an Android app to a vector. We then utilize the graphs' vectors to detect and categorize the malware families. Our results reveal that graph embedding yields better results as we get 99.6% accuracy on average for the malware detection and 98.7% accuracy for the malware categorization.

References

[1]

K. Allix, T. F. Bissyandé, J. Klein, and Y. Le Traon. Androzoo: Collecting Millions of Android Apps for the Research Community. In IEEE/ACM Working Conference on Mining Software Repositories (MSR), 2016.

Digital Library

[2]

S. Arora, Y. Liang, and T. Ma. A Simple but Tough-To-Beat Baseline for Sentence Embeddings. 2016.

[3]

D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C. Siemens. Drebin: Effective and Explainable Detection of Android Malware in Your Pocket. In Network and Distributed System Security Symposium (NDSS), 2014.

[4]

C. Chen, Y. Liu, B. Shen, and J.-J. Cheng. Android Malware Detection Based on Static Behavior Feature Analysis. Journal of Computers, 29(6):243--253, 2018.

[5]

H. Gascon, F. Yamaguchi, D. Arp, and K. Rieck. Structural Detection of Android Malware Using Embedded Call Graphs. In ACM workshop on Artificial intelligence and security, 2013.

[6]

I. U. Haq and J. Caballero. A Survey of Binary Code Similarity, 2019.

[7]

C. Li, R. Zhu, D. Niu, K. Mills, H. Zhang, and H. Kinawi. Android Malware Detection Based on Factorization Machine. arXiv preprint arXiv:1805.11843, 2018.

[8]

D. Maiorca, D. Ariu, I. Corona, M. Aresu, and G. Giacinto. Stealth Attacks: An Extended Insight Into the Obfuscation Effects on Android Malware. Computers & Security, 51:16--31, 2015.

Digital Library

[9]

T. Mikolov, I. Sutskever, K. Chen, G. S. Corrado, and J. Dean. Distributed Representations of Words and Phrases and Their Compositionality. In Advances in neural information processing systems, 2013.

Digital Library

[10]

L. Onwuzurike, E. Mariconti, P. Andriotis, E. D. Cristofaro, G. Ross, and G. Stringhini. MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models. ACM Transactions on Privacy and Security, 22(2):1--34, 2019.

Digital Library

[11]

Y. Shen and G. Stringhini. Attack2vec: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks. In USENIX Security Symposium, 2019.

[12]

F. Wei, Y. Li, S. Roy, X. Ou, and W. Zhou. Deep Ground Truth Analysis of Current Android Malware. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2017.

[13]

D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.-P. Wu. Droidmat: Android Malware Detection Through Manifest and Api Calls Tracing. In Asia Joint Conference on Information Security, 2012.

[14]

P. Xu, B. Kolosnjaji, C. Eckert, and A. Zarras. MANIS: Evading Malware Detection System on Graph Structure. In ACM Symposium on Applied Computing, 2020.

[15]

S. Zhao, X. Li, G. Xu, L. Zhang, and Z. Feng. Attack Tree Based Android Malware Detection With Hybrid Analysis. In IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2014.

Cited By

TÜFEKCİ PÖNAL Ç(2024)Kötü Amaçlı Yazılım Tespiti için Makine Öğrenmesi Algoritmalarının KullanımıUsing Machine Learning Algorithms for Malware DetectionDüzce Üniversitesi Bilim ve Teknoloji Dergisi10.29130/dubited.128745312:1(307-319)Online publication date: 26-Jan-2024
https://doi.org/10.29130/dubited.1287453
Bilot TEl Madhoun NAl Agha KZouaoui A(2024)A Survey on Malware Detection with Graph Representation LearningACM Computing Surveys10.1145/366464956:11(1-36)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1145/3664649
Gong JNiu WLi SZhang MZhang X(2024)Sensitive Behavioral Chain-Focused Android Malware Detection Fused With AST SemanticsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.346889119(9216-9229)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3468891
Show More Cited By

Detecting and categorizing Android malware with graph neural networks
1. Computing methodologies
  1. Machine learning
    1. Machine learning approaches
2. Security and privacy

Recommendations

Deep Neural Networks for Automatic Android Malware Detection
ASONAM '17: Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017

Because of the explosive growth of Android malware and due to the severity of its damages, the detection of Android malware has become an increasing important topic in cybersecurity. Currently, the major defense against Android malware is commercial ...
Detect Android Malware Variants Using Component Based Topology Graph
TRUSTCOM '14: Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications

Smartphone has experienced explosive growth recently. At present, Android system is the most popular mobile platform and attracts lots of developers as well as malware authors. In order to evade detection, malware authors often apply obfuscation ...
Effectiveness of Android Obfuscation on Evading Anti-malware
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Obfuscation techniques have been conventionally used for legitimate applications, including preventing application reverse engineering, tampering and protecting intellectual property. A malware author could also leverage these benign techniques to hide ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied Computing

March 2021

2075 pages

ISBN:9781450381048

DOI:10.1145/3412841

Conference Chairs:
Chih-Cheng Hung
Kennesaw State University
,
Jiman Hong
Soongsil University, South Korea
,
Program Chairs:
Alessio Bechini
University of Pisa, Italy
,
Eunjee Song
Baylor University

Copyright © 2021 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 April 2021

Check for updates

Badges

Best Poster

Qualifiers

Poster

Funding Sources

European Union?s Horizon 2020

Conference

SAC '21

Sponsor:

SIGAPP

SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing

March 22 - 26, 2021

Virtual Event, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
489
Total Downloads

Downloads (Last 12 months)60
Downloads (Last 6 weeks)6

Reflects downloads up to 10 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

TÜFEKCİ PÖNAL Ç(2024)Kötü Amaçlı Yazılım Tespiti için Makine Öğrenmesi Algoritmalarının KullanımıUsing Machine Learning Algorithms for Malware DetectionDüzce Üniversitesi Bilim ve Teknoloji Dergisi10.29130/dubited.128745312:1(307-319)Online publication date: 26-Jan-2024
https://doi.org/10.29130/dubited.1287453
Bilot TEl Madhoun NAl Agha KZouaoui A(2024)A Survey on Malware Detection with Graph Representation LearningACM Computing Surveys10.1145/366464956:11(1-36)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1145/3664649
Gong JNiu WLi SZhang MZhang X(2024)Sensitive Behavioral Chain-Focused Android Malware Detection Fused With AST SemanticsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.346889119(9216-9229)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3468891
Bean JTorri S(2024)Survey of Malware Detection through Use of Neural Network Models2024 International Conference on Cyber-Physical Social Intelligence (ICCSI)10.1109/ICCSI62669.2024.10799495(1-7)Online publication date: 8-Nov-2024
https://doi.org/10.1109/ICCSI62669.2024.10799495
Liu XLiu XHao KWang KChen XNiu W(2024)HGNNDroid: Android Malware Detection Based on Heterogeneous Graph Neural Network2024 IEEE 9th International Conference on Data Science in Cyberspace (DSC)10.1109/DSC63484.2024.00057(378-384)Online publication date: 23-Aug-2024
https://doi.org/10.1109/DSC63484.2024.00057
Liu ZWang RJapkowicz NGomes HPeng BZhang W(2024)SeGDroid: An Android malware detection method based on sensitive function call graph learningExpert Systems with Applications10.1016/j.eswa.2023.121125235(121125)Online publication date: Jan-2024
https://doi.org/10.1016/j.eswa.2023.121125
Han JHuang CLiu J(2024)bjCnet: A contrastive learning-based framework for software defect predictionComputers & Security10.1016/j.cose.2024.104024(104024)Online publication date: Jul-2024
https://doi.org/10.1016/j.cose.2024.104024
Joomye ALing MYau K(2024)A brief survey of deep learning methods for android Malware detectionInternational Journal of System Assurance Engineering and Management10.1007/s13198-024-02643-xOnline publication date: 20-Dec-2024
https://doi.org/10.1007/s13198-024-02643-x
Kishore CBehera H(2024)Malware Attack Detection in Vehicle Cyber Physical System for Planning and Control Using Deep LearningMachine Learning for Cyber Physical System: Advances and Challenges10.1007/978-3-031-54038-7_6(167-193)Online publication date: 12-Apr-2024
https://doi.org/10.1007/978-3-031-54038-7_6
Raza AQaisar ZAslam NFaheem MAshraf MChaudhry M(2024)TL‐GNN: Android Malware Detection Using Transfer LearningApplied AI Letters10.1002/ail2.94Online publication date: 10-May-2024
https://doi.org/10.1002/ail2.94
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten