Android Malware Detection Based on Call Graph via Graph Neural Network

Abstract

With the widespread usage of Android smart-phones in our daily lives, Android platform has become an attractive target for malware authors. There is an urgent need for developing automatic malware detection approach to prevent the spread of malware. Traditional signature-based detection methods cannot handle the rapid evolution of complex malware or the emerging of new types of malware. Due to the limitation on code coverage and poor efficiency of the dynamic analysis, in this paper, we propose a new Android malware detection approach based on static analysis via graph neural network. Instead of extracting Application Programming Interface (API) call information, we further analyze the source code of Android applications to extract high -level semantic information, which increases the barrier of evading detection. Particularly, we construct approximate call graph from function invocation relationships within an Android application to represent this application, and further extract intra-function attributes, including required permission, security level and statistical instructions information, to form the node attributes within graph structures. Then, we use graph neural network (GNN) to generate a vector representation of the application, and then malware classification is performed on this representation. We conduct experiments on real-world application samples. The experimental results demonstrate that our approach implements high effective malware detection and outperforms state-of-the-art detection approaches.