FAGnet: Family-aware-based android malware analysis using graph neural network

Abstract

Android malware family analysis is essential for building an efficient malware detection mechanism. In recent years, many graph representation learning-based malware detection and classification studies have been proposed, and many methods model malware as graph data to mine the behavioral semantics of malware. However, they do not consider the relationship at the sample (graph) level, and malware belonging to the same family has similar malicious behavior. The transformation of samples according to the Data Processing Inequality (DPI) will lead to the loss of mutual information transmission, which inspired us to consider the analysis of malware based on graph representation learning from this perspective. In this paper, we consider introducing the relationship between malware samples, inserting a family representation refinement component that is conducive to improving the family separability in the graph classification task, and propose a Family-Aware Graph neural network Android malware analysis (FAGnet). We use 4 backbones to perform extension experiments on 2 benchmark datasets and comprehensively compare some baseline methods. The experiments verify the effectiveness of FAGnet, which achieves 98.11 % accuracy on the Drebin dataset and 83.45 % and 72.76 % accuracy on the CICAndMal2017 category and family classification, respectively. In addition, FAGnet is evaluated with real-world data, and its satisfactory performance was maintained in real-world scenarios.