期刊
NEUROCOMPUTING
卷 423, 期 -, 页码 301-307出版社
ELSEVIER
DOI: 10.1016/j.neucom.2020.10.054
关键词
Graph convolutional network; Android malware detection; Function embedding; Function call graph
资金
- National Natural Science Foundation of China [61571205, 61772220]
This paper aims to learn behavior level features of Android apps from function calls, using enhanced function call graphs (E-FCGs) and a Graph Convolutional Network (GCN) based algorithm. Experimental results show that the method outperforms traditional static features in malware detection.
Analyzing the runtime behaviors of Android apps is crucial for malware detection. In this paper, we attempt to learn the behavior level features of an app from function calls. The challenges of this task are twofold. First, the absence of function attributes hinders the understanding of app behaviors. Second, the graphical representation of function calls cannot be directly processed by classical machine learning algorithms. In this paper, we develop two methods to overcome these challenges. Based on function embedding, we first propose the concept of enhanced function call graphs (E-FCGs) to characterize app runtime behaviors. We then develop a Graph Convolutional Network (GCN) based algorithm to obtain vector representations of E-FCGs. Extensive experiments show that the features learned by our method can achieve surprisingly high detection performance on a variety of classifiers (e.g., LR, DT, SVM, KNN, RF, MLP and CNN), significantly outperforming the traditional static features. (C) 2020 Elsevier B.V. All rights reserved.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据