1. Learning features from enhanced function call graphs for Android malware detection.
- Author
- Cai, Minghui; Jiang, Yuan; Gao, Cuiying; Li, Heng; Yuan, Wei
- Subjects
- *MALWARE, *ALGORITHMS, *MACHINE learning, *MALWARE prevention
- Abstract
Analyzing the runtime behaviors of Android apps is crucial for malware detection. In this paper, we attempt to learn the behavior level features of an app from function calls. The challenges of this task are twofold. First, the absence of function attributes hinders the understanding of app behaviors. Second, the graphical representation of function calls cannot be directly processed by classical machine learning algorithms. In this paper, we develop two methods to overcome these challenges. Based on function embedding, we first propose the concept of enhanced function call graphs (E-FCGs) to characterize app runtime behaviors. We then develop a Graph Convolutional Network (GCN) based algorithm to obtain vector representations of E-FCGs. Extensive experiments show that the features learned by our method can achieve surprisingly high detection performance on a variety of classifiers (e.g., LR, DT, SVM, KNN, RF, MLP and CNN), significantly outperforming the traditional static features. [ABSTRACT FROM AUTHOR]
- Published
- 2021