GCDroid: Android Malware Detection Based on Graph Compression With Reachability Relationship Extraction for IoT Devices

Abstract

With the widespread popularity of Internet of Things (IoT) devices based on the Android system, the amount of Android malware targeting IoT devices continues to increase, causing great economic losses. Accordingly, efficient and accurate Android malware detection methods are particularly important. Recently, many Android malware detection and classification methods have been proposed, but most of them ignore the deep relationships among software. In this paper, we propose a graph compression algorithm with reachability relationship extraction (GCRR) and design an Android malware detection and classification method called GCDroid based on this algorithm. A theoretical analysis shows that GCRR can reasonably extract the reachability relationships among APKs and compress a large heterogeneous APK-API relationship graph into a homogeneous APKs graph. Experiments show that GCDroid based on GCRR greatly reduces the required time consumption while improving detection accuracy. Compared with the existing excellent static Android malware detection methods, GCDroid improves upon their detection accuracies by 1.53%-39.13% on different datasets and outperforms the benchmark methods in terms of Android malware classification. Furthermore, compared with those of the baseline methods that are similar to GCDroid, GCDroid’s time consumption for model training and other aspects is only one-tenth as high or even less.