Android Malware Detection Based on Structural Features of the Function Call Graph

The openness of Android operating system not only brings convenience to users, but also leads to the attack threat from a large number of malicious applications (apps). Thus malware detection has become the research focus in the field of mobile security. In order to solve the problem of more coarse-grained feature selection and larger feature loss of graph structure existing in the current detection methods, we put forward a method named DGCNDroid for Android malware detection, which is based on the deep graph convolutional network. Our method starts by generating a function call graph for the decompiled Android application. Then the function call subgraph containing the sensitive application programming interface (API) is extracted. Finally, the function call subgraphs with structural features are trained as the input of the deep graph convolutional network. Thus the detection and classification of malicious apps can be realized. Through experimentation on a dataset containing 11,120 Android apps, the method proposed in this paper can achieve detection accuracy of 98.2%, which is higher than other existing detection methods.

Automated summary

The openness of the Android operating system brings convenience to users but also poses a threat of attack from malicious applications, making malware detection a key research focus in mobile security. The DGCNDroid method proposed in this paper effectively addresses the issues of feature selection and feature loss in graph structures in current malware detection methods, achieving higher detection accuracy through experimentation on a dataset of 11,120 Android apps.