101. Learning features from enhanced function call graphs for Android malware detection
- Author
Cai Minghui, Jiang Yuan, Cuiying Gao, Wei Yuan, and Heng Li
- Subjects
0209 industrial biotechnology, Computer science, business.industry, Cognitive Neuroscience, Subroutine, 02 engineering and technology, computer.software_genre, Machine learning, Graph, Computer Science Applications, Support vector machine, 020901 industrial engineering & automation, Artificial Intelligence, Android malware, 0202 electrical engineering, electronic engineering, information engineering, Embedding, Malware, 020201 artificial intelligence & image processing, Artificial intelligence, Android (operating system), business, computer
- Abstract
Analyzing the runtime behaviors of Android apps is crucial for malware detection. In this paper, we attempt to learn the behavior-level features of an app from function calls. The challenges of this task are twofold. First, the absence of function attributes hinders the understanding of app behaviors. Second, the graphical representation of function calls cannot be directly processed by classical machine learning algorithms. In this paper, we develop two methods to overcome these challenges. Based on function embedding, we first propose the concept of enhanced function call graphs (E-FCGs) to characterize app runtime behaviors. We then develop a Graph Convolutional Network (GCN) based algorithm to obtain vector representations of E-FCGs. Extensive experiments show that the features learned by our method can achieve surprisingly high detection performance on a variety of classifiers (e.g., LR, DT, SVM, KNN, RF, MLP and CNN), significantly outperforming the traditional static features.
- Published
2021